> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>
> wrote:
>
> Client objects to the server chain. Either does not trust the MiTM root
> CA, or
> is unhappy about its encoding (assuming tshark is not generating an FP
> warning).
>
> Thank you! So it is the *client* that breaks the connection, and it is
> unhappy either about MiTM, or the encoding. I will check for both (though not
> much I can do about either).
Well, if there is not facility to configure the client's trusted root CAs,
then of course it won't trust the MiTM root cert. Presumably you've added
that cert to some trust store on the system in question.
The support staff for the product should be able to tell you how to configure
trusted TLS CAs, if these are configurable.
If the product is not using OpenSSL, this question really is off topic for
this list. If it is using OpenSSL, there may be some place where it looks
for its CAfile or some CApath directory.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
