Welcome! Log In Create A New Profile

Advanced

Re: Thawte SSL with 3 certificates

June 06, 2011 07:59PM
So after playing around with this further and using the openssl client to see what is coming back it's still not working. For some reason the chain hierarchy isn't coming through to the client. Even with openssl client it can see there are three certificates but the one thing that stands out for me is that there is a line in the response saying "No client certificate CA names sent" which chimes with what I'm seeing on the Chrome side which is that the certificate itself is valid but there's no hierarchy that allows the certificate to become authorised.

Any ideas with this? I'm totally stumped - especially because I've dealt with 2 certificate set ups before with absolutely no problems once I realised I needed to concatenate them...

For what it's worth - this is the output of openssl client (obfuscated)

Cheers
ajfisher


CONNECTED(00000003)
depth=3 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
verify return:1
depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
verify return:1
depth=1 /C=US/O=Thawte, Inc./CN=Thawte SSL CA
verify return:1
depth=0 /C=AU/ST=Victoria/L=North Melbourne/O=My Bizg/OU=Marketing/CN=my.domain.com
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Victoria/L=North Melbourne/O=My Biz/OU=Marketing/CN=my.domain.com
i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
2 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
.. SNIP ..
-----END CERTIFICATE-----
subject=/C=AU/ST=Victoria/L=North Melbourne/O=My Biz/OU=Marketing/CN=my.domain.com
issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 3687 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 87D1AEB1E1625530ACACB0E88458C0AB310A4C94A2DAA8E5F9F7C333747FBD2D
Session-ID-ctx:
Master-Key: ... SNIP ...
Key-Arg : None
Krb5 Principal: None
Start Time: 1307404193
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
read:errno=0
Subject Author Posted

Thawte SSL with 3 certificates

ajfisher June 05, 2011 03:12AM

Re: Thawte SSL with 3 certificates

Igor Sysoev June 05, 2011 03:32AM

Re: Thawte SSL with 3 certificates

ajfisher June 05, 2011 08:04AM

Re: Thawte SSL with 3 certificates

ajfisher June 06, 2011 07:59PM

Re: Thawte SSL with 3 certificates

Maxim Dounin June 06, 2011 08:16PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready