Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Richard Wirth wrote: > DS> Or rather, the protocol is the same, but he's now trying to do a bit > more at DS> the application level (validation of server/client > certificates by the DS> looks of it). > > Looks like he is currently modifying the server -- now I get: > > Server certificate verification failed: self signed certificate in > certificate chain > > BTW. Why is a self signed certificate a cause for failing?? At the > moment at one of my customers I use a self signed certificate > exlusively :( IIRC, you have to tell SSL explicitly to allow a self-sigined cert (or rather code the logic to allow this into your app)... my guess is that this option hasn't been set (which is why you are getting a message complaining about a self-signed cert.). BTW, rather than using self-signed certs, get your certs from cacert.org (which is included in cvsnt's ca.pem so that's one less thing to worry about). I'm not a great fan of self-signed certs, well, not unless you also have setup a CA to go with them to deal with CRLs, etc. Tony: what changes are you making to SSL/sserver: Checking peer certificates? Checking CRLs? It might be handy if cvs info could also provide some of the info from the server's certificate too -- David Somers VoIP: FWD 622885 PGP Key = 7E613D4E Fingerprint = 53A0 D84B 7F90 F227 2EAB 4FD7 6278 E2A8 7E61 3D4E