[cvsnt-dev] Re: Re[2]: cvs.cvsnt.org is down??

David Somers dsomers at omz13.com
Mon Aug 1 14:24:21 BST 2005

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Richard Wirth wrote:
> DS> Or rather, the protocol is the same, but he's now trying to do a bit
> more at DS> the application level (validation of server/client
> certificates by the DS> looks of it).
> Looks like he is currently modifying the server -- now I get:
> Server certificate verification failed: self signed certificate in
> certificate chain
> BTW. Why is a self signed certificate a cause for failing?? At the
> moment at one of my customers I use a self signed certificate
> exlusively :(

IIRC, you have to tell SSL explicitly to allow a self-sigined cert (or
rather code the logic to allow this into your app)... my guess is that this
option hasn't been set (which is why you are getting a message complaining
about a self-signed cert.).

BTW, rather than using self-signed certs, get your certs from cacert.org
(which is included in cvsnt's ca.pem so that's one less thing to worry

I'm not a great fan of self-signed certs, well, not unless you also have
setup a CA to go with them to deal with CRLs, etc.

Tony: what changes are you making to SSL/sserver: Checking peer
certificates? Checking CRLs? It might be handy if cvs info could also
provide some of the info from the server's certificate too

David Somers
VoIP: FWD 622885
PGP Key = 7E613D4E
Fingerprint = 53A0 D84B 7F90 F227 2EAB  4FD7 6278 E2A8 7E61 3D4E

More information about the cvsnt-dev mailing list