> > The key here is the "unknown ca", failing the handshake, either because > > the trust chain is broken somehow or the certs need to be generated now > > in a different way with OpenSSL 3.2.
I looked at ./t/conf/ssl/ca/asf/certs/ca.crt on the last system I ran the framework on, and it seems to be missing the most "basic" (pun intended) CA extensions. Can you try getting it to create a CA cert [v3] with a critical Basic Constraints and isCA: TRUE? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org