Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Wed, 7 May 2003 21:12:08 -0400, "Nate" <nath_meyer at hotmail.com> wrote: >Ok, now that the server is working, I can't get the client to verify the >server's certificate. As I understand, cvsnt client is verifying the servers >authenticity, so I have the CA cert and priv key on the client (generated by >OpenSSL 0.9.7b). On the server, I have the same CA cert (so the client can >verify). All I get is: Server certificate verification failed (error 18). I >also tried the default certificate/rsa private key that comes with the >installation, but that doesn't work either. Hopefully this should be it and >I'll be on my merry way =) > > If you're using a nonstandard CA then you'll have to put it in the ca.pem file on both the client and server so that it can be verified (the problem with this setup of course is you have to put it in all clients, which means extra work). The ca.pem file goes in the same place as the sserver_protocol.dll file. If you're not too worried about verification it's easiest to use a selfsign certificate, which is what is generated by default on installation (by default the server will work this way without any extra setup). Alternatively you can get a certificate that works with the default CA list from www.cacert.org (or verisign, etc. if you really want to). If you're having problems verify the certificate with openssl first.. eg: openssl verify -purpose sslserver -CAfile ca.pem cvsnt.pem Tony