You could try examining both PEM-encoded certificates using an ASN.1 decoder, such as the one here - http://lapo.it/asn1js
-----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Barbe, Charles Sent: Sunday, July 6, 2014 8:42 PM To: openssl-users@openssl.org Subject: Certificate problem I'm having a problem with generating certificates and I'm wondering if anybody has any suggestions on where to look. I have the following certificates and associated private keys: A - certificate A generated with one version of my software not using openssl B - certificate B generated with a new version of my software that does use openssl CA - a local certificate authority whose private key is used to sign both A and B I can verify both A and B using openssl verify using CA as the cafile argument. However, when I install CA on a client and try to connect a web browser to my server running the two different versions of software, they complain that they cannot find the issuer with A but not with B. I have examined both certificates and cannot find anything different about them. As far as I can tell, the only difference is that B used openssl to generate the certificate and A used our own custom software. The odd thing to me is that openssl verify can verify both just fine. What are the web browsers doing different? I've tried chrome, Firefox and opera and all behave the same... Accepting B and rejecting A. Does anybody have any suggestions on where to look to figure this out? A tool to use? I realize that actually attaching the certa might be helpful but I do not have them handy as I write this. Please let me know if that might help somebody help me figure this out. Thanks! Chad. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
smime.p7s
Description: S/MIME cryptographic signature
