[Users] certificate recommendations
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Nov 10 12:06:18 CET 2006
Hi Mark!
If I understand it correctly, the problem is on the phone. Which phone
do you use?
How does the phone handle the CA certs? Can you specify multiple files?
Can you upload the intermediate CA instead of the root CA to the phone?
How is your openser configured? Have you added the intermediate
certificate into the CA file? I think if you will it it to the CA file,
openssl will send not only the server certificate to the client, but the
whole certificate chain.
regards
klaus
Mark Price wrote:
> Can I have some recommendations about what company and what package to go
> with for a certificate to work with openser?
> I have a cert from godaddy, and it seems that it won't work with openser
> because of the intermediate certificate that they require you to use.
>
> Godaddy issues a certificate, a private key and an intermediate certificate
> (the intermediate certificate
> So openser loads just fine if I set:
> tls_certifcate=cert.pem
> tls_preivate_key=cert.key
>
> but the phone still fails to validate the certificate, because there is no
> place to specify the intermediate certificate.
> The intermediate certificate is the one that corresponds to the apache2 ssl
> directive SSLCertificateChainFile.
>
> The phone says:
> Registration Error: 503 - Certificate Validation Failure
>
> and the openser logs say:
> 7(7201) tls_accept: Error in SSL:
> 7(7201) tls_error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca
>
> Thanks,
> Mark Price
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
--
Klaus Darilion
nic.at
More information about the Users
mailing list