[omniORB] SSL - unknown ca

Burton, Craig CBurton at verisign.com
Wed Nov 17 08:48:45 GMT 2004


Hi Seb,

I'm not sure what you are recommending; which cert file must contain both certificates?

According to the example, it seems that the client/server pem files contained both their own private keys as well as their own (unique) certificates:

Root.pem
    -----BEGIN CERTIFICATE-----
    MIIC/jCCArugAwIBAgIBADALBgcqhkjOOAQDBQAwZDELMAkGA1UEBhMCVVMxHzAd
    <snip>
    -----END CERTIFICATE-----

Client.pem
    -----BEGIN DSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,6C564F40B5DCAD05

    KX+eHTEYK7WnAyYm1Y3NFFeiw+wXhlfP2VM4xEw6udVfxBF2KXzsx8rqqGC8BYxs
    <snip>
    -----END DSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIC8jCCAq8CAgELMAsGByqGSM44BAMFADBkMQswCQYDVQQGEwJVUzEfMB0GA1UE
    <snip>
    -----END CERTIFICATE-----

Server.pem
    -----BEGIN DSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C5ED1167223F2F2F

    y5qH6Q0Nvb5SUcJEYYp6+V2YDK3uXwFsdEwz4YjvD73hwoE0kGpnxrvL1WNbftE9
    <snip>
    -----END DSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIDDzCCAs2gAwIBAgICAQwwCwYHKoZIzjgEAwUAMGQxCzAJBgNVBAYTAlVTMR8w
    <snip>
    -----END CERTIFICATE-----

I do not observe that any of the cert files contain two certs - it is either cert by itself, or key with cert, all unique.

I appreciate your advice, but could you be more specific as to which cert file requires two concatenated certificates?

Thanks,
Craig


-----Original Message-----
From: omniorb-list-bounces at omniorb-support.com [mailto:omniorb-list-bounces at omniorb-support.com] On Behalf Of Sébastien Bouchex
Sent: Tuesday, November 16, 2004 11:14 PM
To: 'omniorb-list at omniorb-support.com'
Subject: RE: [omniORB] SSL - unknown ca


Hi,

Make sure that your certificate file contains the certificate of the server
and the certificate of the ca. You just need to concatenate both into a
single file and it should work.

Seb

-----Original Message-----
From: Burton, Craig [mailto:CBurton at verisign.com] 
Sent: Wednesday, November 17, 2004 12:53 AM
To: omniORB
Subject: [omniORB] SSL - unknown ca

I am working through the ssl_echo example, and believe that everything is
compiled properly.  However, in attempting to generate a self-signed cert
along with client/server certs/keys, I have encountered the following
problem when the client attempts to work with the server (the following is
the server trace):

    omniORB: openSSL error detected in sslEndpoint::accept.
    Reason: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Anyone have any suggestions on how to make valid, self-signed certificates?

Thanks,
Craig

Craig Burton
VeriSign Communication Services

_______________________________________________
omniORB-list mailing list
omniORB-list at omniorb-support.com
http://www.omniorb-support.com/mailman/listinfo/omniorb-list
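
Added example (not part of the original messages and not omniORB code): a Python script that inventories the PEM blocks in a file, to check whether it holds a key with one certificate or a key with two concatenated certificates, the question raised in the thread. The function names and the sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional headers, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inventory(pem_text):
    """Describe each PEM block in the text, in order of appearance."""
    blocks = []
    for label, body in PEM_BLOCK.findall(pem_text):
        lines = [ln.strip() for ln in body.splitlines()]
        headers = {}
        # Legacy encrypted keys carry "Proc-Type" / "DEK-Info" header lines
        # before the base64 payload; ':' never occurs in base64 itself.
        while lines and ":" in lines[0]:
            name, value = lines.pop(0).split(":", 1)
            headers[name.strip()] = value.strip()
        try:
            der_len = len(base64.b64decode("".join(lines), validate=True))
        except ValueError:
            der_len = None  # truncated or corrupted body
        blocks.append({
            "label": label,
            "encrypted": headers.get("Proc-Type", "").endswith("ENCRYPTED"),
            "der_bytes": der_len,
        })
    return blocks

def summarize(pem_text):
    """Count certificates, private keys, encrypted keys and bad blocks."""
    blocks = inventory(pem_text)
    return {
        "certificates": sum(b["label"] == "CERTIFICATE" for b in blocks),
        "private_keys": sum(b["label"].endswith("PRIVATE KEY") for b in blocks),
        "encrypted_keys": sum(b["encrypted"] for b in blocks),
        "malformed": sum(b["der_bytes"] is None for b in blocks),
    }

def make_pem(label, data, headers=""):
    """Build a constructed PEM block (placeholder bytes, not a real cert)."""
    b64 = base64.b64encode(data).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed samples: same layout as Server.pem in the thread, then the
# same file with a second (CA) certificate concatenated onto it.
KEY_AND_CERT = (
    make_pem("DSA PRIVATE KEY", b"constructed key bytes",
             "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n")
    + make_pem("CERTIFICATE", b"constructed server cert"))
WITH_CA = KEY_AND_CERT + make_pem("CERTIFICATE", b"constructed CA cert")
```

On real files, pass the file's text to summarize(); a file built by the concatenation suggested in the thread reports two certificates.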
