Hi,

both with openssl, I am trying to have a server and client that perform
client certificate authentication.

So, I start the server as follows:
openssl s_server -www -key /dir/server-key.pem -cert /dir/server-cert.pem -CAfile /dir/cacert.pem -state

and as per the previous posts on the list, the CAfile is not empty since
openssl x509 -in /dir/cacert.pem -noout -text
gives nice output.

Then, I connect from a different shell window on the same server with

openssl s_client -connect localhost:4433 -cert /dir/clientCert.pem -key /dir/ClientCertKey.pem -CAfile /dir/server-cert.pem

and I get asked for my key's password.

/dir/cacert.pem and /dir/clientCert.pem are identical since it is a
self-signed client certificate.

Then a connection is established successfully, but I see the

"No client certificate CA names sent"

Then I do a
R
on the client side since that ought to request the client certificate as per
http://openssl.org/docs/apps/s_serve...ECTED_COMMANDS, but no
change.

Also, when doing "GET /" there is no hint that client certificate
authentication has happened.

Is there any other option I have overlooked to tell s_server it really
should ask for a client certificate?

Many thanks for any hints in advance!

Ralf

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
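
The setup asked about above, reproduced as an added example that is not part of the original post: s_server only sends a certificate request when started with `-verify depth` (client certificate optional) or `-Verify depth` (client certificate mandatory), and the script compares what s_client reports in each case. The temp-directory file names, the `.test` subject names, the port numbers and the `probe` helper are assumptions made for this example, and the keys are generated unencrypted.

```shell
#!/bin/sh
# Added example. Throwaway keys are generated unencrypted (-nodes) in a temp
# directory; file names and port numbers are assumptions, not from the post.
D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT

# One self-signed certificate per side. As in the post, the client
# certificate doubles as the CA file the server trusts.
for side in server client; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$side.test" \
        -keyout "$D/$side-key.pem" -out "$D/$side-cert.pem" 2>/dev/null || true
done

# probe PORT [s_server flags...]
# Prints "requested" when the handshake carried a certificate request with
# CA names, "not-requested" when s_client reports none, "error" otherwise.
probe() {
    port=$1; shift
    openssl s_server -accept "$port" -www \
        -key "$D/server-key.pem" -cert "$D/server-cert.pem" \
        -CAfile "$D/client-cert.pem" "$@" >/dev/null 2>&1 &
    pid=$!
    sleep 1   # give the listener time to bind
    out=$(openssl s_client -connect "localhost:$port" \
        -cert "$D/client-cert.pem" -key "$D/client-key.pem" \
        -CAfile "$D/server-cert.pem" </dev/null 2>&1) || true
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    case $out in
        *"Acceptable client certificate CA names"*) echo requested ;;
        *"No client certificate CA names sent"*)    echo not-requested ;;
        *)                                          echo error ;;
    esac
}

echo "no flag:   $(probe 14433)"
echo "-verify 1: $(probe 14434 -verify 1)"
echo "-Verify 1: $(probe 14435 -Verify 1)"
```

A server that reports "not-requested" here performs no client authentication at all, whatever certificate the client was started with.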