What do I need to add to my OpenSSL TLS client side in order to support intermediate certificates?

Posted by rursw1 on Stack Overflow See other posts from Stack Overflow or by rursw1
Published on 2010-04-15T15:00:26Z Indexed on 2010/04/15 15:03 UTC
Read the original article Hit count: 199

Filed under:

openssl

|

certificate

|

authentication

Hi all,

I have an OpenSSL client-side implementation that establishes a TLS (v1) connection successfully.

It works fine, untill I'm trying to use a subordinate CA certificate and not a root CA one. What do I need to add to the code?

I use OpenSSL 00.9.8k.

Thanks.

© Stack Overflow or respective owner

Related posts about openssl

Redhat | Openssl installation error

as seen on Server Fault - Search for 'Server Fault'
make -f objs/Makefile make[1]: Entering directory `/root/fuse-ssh/nginx-0.7.65' cd /usr/bin/openssl \ && make clean \ && ./config --prefix=/usr/bin/openssl/.openssl no-shared no-threads \ && make \ && make install /bin/sh: line 0: cd:… >>> More
Redhat | Openssl installation error

as seen on Stack Overflow - Search for 'Stack Overflow'
make -f objs/Makefile make[1]: Entering directory `/root/fuse-ssh/nginx-0.7.65' cd /usr/bin/openssl \ && make clean \ && ./config --prefix=/usr/bin/openssl/.openssl no-shared no-threads \ && make \ && make install /bin/sh: line 0: cd:… >>> More
Upgrade OpenSSL 0.9.8k to OpenSSL 1.0.1c on Ubuntu 10.04

as seen on Server Fault - Search for 'Server Fault'
We're currently using Ubuntu 10.04 and based on the PCI Compliance results, we're told to upgrade our OpenSSL. I attempted to do this using this reference: http://sandilands.info/sgordon/upgrade-latest-version-openssl-on-ubuntu and http://www.lunarforums.com/dedicated_web_hosting_at_lunarpages/upgrading_openssl-t35015… >>> More
Installing OpenSSL that supports SNI along with previous version of OpenSSL

as seen on Server Fault - Search for 'Server Fault'
So I learned that to host multiple HTTPS websites on the same IP address you need an OpenSSL version that supports SNI (0.9.8f and higher). My RHEL5 box currently has 0.9.8e and Apache version httpd-2.2.26-2.el5. According to a same question here it's not a good idea to replace the original version… >>> More
Solaris X86 AESNI OpenSSL Engine

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Solaris X86 AESNI OpenSSL Engine Cryptography is a major component of secure e-commerce. Since cryptography is compute intensive and adds a significant load to applications, such as SSL web servers (https), crypto performance is an important factor. Providing accelerated crypto hardware greatly… >>> More

Related posts about certificate

IIS SSL Certificate Renewal Pain

as seen on West-Wind - Search for 'West-Wind'
I’m in the middle of my annual certificate renewal for the West Wind site and I can honestly say that I hate IIS’s certificate system. When it works it’s fine, but when it doesn’t man can it be a pain. Because I deal with public certificates on my site merely once a year, and you have to perform… >>> More
apache Client Certificate Authentication errors: Certificate Verification: Error (18): self signed certificate

as seen on Server Fault - Search for 'Server Fault'
So I have been following instructions on setting up Client Certificate Authentication in Apache2 w/ mod_ssl. This is solely for the purpose of testing an application against CAA, not for any sort of production use. So far I've followed http://www.impetus.us/~rjmooney/projects/misc/clientcertauth… >>> More
Nginx and client certificates from hierarchical OpenSSL-based certification authorities

as seen on Server Fault - Search for 'Server Fault'
I'm trying to set up root certification authority, subordinate certification authority and to generate the client certificates signed by any of this CA that nginx 0.7.67 on Debian Squeeze will accept. My problem is that root CA signed client certificate works fine while subordinate CA signed one results… >>> More
How to find, whether the certificate is a private certificate or a public certificate

as seen on Stack Overflow - Search for 'Stack Overflow'
I have to write a MSI, where in i have to give only the public certicate. In case the user gives a private certificate, it should pop up an error message. >>> More
Developer certificate vs purchased certificate for WCF

as seen on Stack Overflow - Search for 'Stack Overflow'
I understsand that if I want to use authentication in WCF then I need to install a certificate on my server which WCF will use to encrypt data passing between my server and client. For development purposes I believe I can use the makecert.exe util. to make a development certificate. What is the… >>> More