Hello Vladimir,

It's worth trying to reproduce the situation using openssl s_client/s_server command-line apps.

On Fri, Feb 7, 2020 at 9:25 PM Bashin, Vladimir <vbas...@empirix.com> wrote:

> Hello, OpenSSL experts!
>
> We need your help in better understanding the behavior below -
>
> We are experiencing an issue during the initial TLS handshake:
>
> We have the customer-issued TLS certificate that we deploy on our TLS client system
>
> The certs have been generated with a CSR that was generated on customer’s FIPS compliant server
>
> The CSR was then signed by CA hosted on SMGR
>
> During the endpoint registration with the server we have an endpoint-initiated TLS handshake – during that handshake the TLS server requests the client Certificate but our TLS client responds with the Certificates Length 0 that causes the TLS server to respond with the Handshake Failure.
>
> The Google search gives some generic ideas on why that might be happening – something along the following lines - that could be happening in case the client’s certificate does not match the server certificate – for example, due to a signing authority mismatch, or due to the encryption cipher type mismatch, or maybe due to some other factors.
>
> Could you please help us in better understanding this issue – what else could be wrong or missing in the Server and Client certificates?
>
> Thanks,
>
> Vladimir Bashin

--
SY, Dmitry Belyavsky
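A local reproduction along the lines suggested in the reply, as an added example that is not part of the thread: it builds a throwaway CA with server and client certificates, checks offline that the client certificate matches its key and chains to the CA, then runs s_server with a required client certificate against s_client. The CA and subject names, file paths and port 44330 are constructed for the demo and are assumptions, not values from the reported system.

```shell
#!/usr/bin/env bash
# Added example; every name, path and port below is constructed for the demo.

make_pki() {  # $1 = empty working directory
  local d=$1 n
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for n in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -out "$d/$n.crt" 2>/dev/null
  done
}

# Offline check 1: certificate and private key hold the same public key.
key_matches_cert() {  # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Offline check 2: certificate chains to the CA and is usable for TLS client auth.
chains_to_ca() {  # $1 = CA file, $2 = certificate
  openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# Live check: server requires a client certificate (-Verify); s_client's output
# lists the "Acceptable client certificate CA names" the server asked for.
handshake() {  # $1 = directory, $2 = port, rest = extra s_client options
  local d=$1 port=$2 pid; shift 2
  openssl s_server -accept "$port" -cert "$d/server.crt" -key "$d/server.key" \
    -CAfile "$d/ca.crt" -Verify 1 -quiet >/dev/null 2>&1 &
  pid=$!
  sleep 1   # give the server time to start listening
  openssl s_client -connect "127.0.0.1:$port" -CAfile "$d/ca.crt" "$@" </dev/null 2>&1
  kill "$pid" 2>/dev/null || true
}

# Usage:
#   d=$(mktemp -d); make_pki "$d"
#   key_matches_cert "$d/client.crt" "$d/client.key" && chains_to_ca "$d/ca.crt" "$d/client.crt"
#   handshake "$d" 44330 -cert "$d/client.crt" -key "$d/client.key" | grep -A2 'Acceptable client'
#   openssl x509 -in "$d/client.crt" -noout -issuer   # compare with the names listed above
```

Substituting the real client certificate, key and CA file for the generated ones lets the same checks run against the deployed credentials.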