Can't get Client certificates to work
|
2013-03-29, 09:58
Post: #11
|
|||
|
|||
RE: Can't get Client certificates to work
(2013-03-28 22:04)robinsmidsrod Wrote: Maybe I'm missing something here, but I can't see any indication that you've specified _intention_ for the server and client sertificates. Mustn't they be specified as TLS Server/Client-type certificates? I'm not exactly sure how that is done with openssl, but unless those flags aren't specified in a config file not included (like ca.cnf or something else) I'm going to assume that might be a possible problem. BTW: Using curl with the client certificates against your server (which has ssqlrequire set) should make it quicker to verify that your setup works. Hello Robin! Thank you for your answer. I have user the ca.cnf as specified here ipxe crypto with the exception of the parameter "default_md" which doesn't accept the value of "default", so i set it to sha1. Here is the ca.cnf I use: Code: [ ca ] I'm not that good in openSSL to find out where the problem may be but as far as I could find out using google this should be OK. In previous attempts to get it running I also tried md5 without success. Since Michael mentioned that the server sends two combined certs I also tried to use the CA Cert on the Server which also worked fine for SSL and Code Verification but not for Client Verification. I have never used curl (I'm a Windows Developer - eh - have been ;-) )but I will give it a try. Additional I have another question: Doesn't ipxe resolve server addresses? "Problem" is that I'm not able to specify a URL like https://ipxe.myserver.com in the script. I have to use the IP which causes me to use the IP as CommonName in the Certs which isn't really a problem but using a machine name would be nicer. But probably this is an dnsmask configuration issue. Thank you all for your trying to help me. Thorsten |
|||
« Next Oldest | Next Newest »
|
Messages In This Thread |
Can't get Client certificates to work - Viator - 2013-03-22, 18:42
RE: Can't get Client certificates to work - mcb30 - 2013-03-23, 22:02
RE: Can't get Client certificates to work - Viator - 2013-03-25, 09:56
RE: Can't get Client certificates to work - mcb30 - 2013-03-25, 11:57
RE: Can't get Client certificates to work - Viator - 2013-03-25, 13:20
RE: Can't get Client certificates to work - mcb30 - 2013-03-25, 13:50
RE: Can't get Client certificates to work - robinsmidsrod - 2013-03-28, 22:04
RE: Can't get Client certificates to work - Viator - 2013-03-29 09:58
RE: Can't get Client certificates to work - robinsmidsrod - 2013-03-29, 17:19
RE: Can't get Client certificates to work - Viator - 2013-04-02, 14:43
|
User(s) browsing this thread: 1 Guest(s)