OK, the certificate authority (CA) is missing in your client command:
openssl s_client ... -CAfile name_of_cafile.pem In my opinion a client should use a different certificate/private key pair but signed by the same CA. Best regards, Steffen 2006/12/29, Ncheeku Baranov <[EMAIL PROTECTED]>:
You are correct, so just for the trial purposes if I want the TLS handshake to be successful what credentials for the client should I use? i.e. can I do something like: openssl s_client -cert user-cert.pem -key user-privkey.pem -state -connect 10.30.00.41:5061 on doing this it comes back with an error saying Verify Return Code: 21 (Unable to verify the first certificate), Should I be using new certificates or with the same set of certificates I can achive a successful handshake? Thanks a lot.. Ncheeku
_______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
