Hi Mark!
If I understand it correctly, the problem is on the phone. Which phone
do you use?
How does the phone handle the CA certs? Can you specify multiple files?
Can you upload the intermediate CA instead of the root CA to the phone?
How is your openser configured? Have you added the intermediate
certificate into the CA file? I think if you will it it to the CA file,
openssl will send not only the server certificate to the client, but the
whole certificate chain.
regards
klaus
Mark Price wrote:
Can I have some recommendations about what company and
what package to go
with for a certificate to work with openser?
I have a cert from godaddy, and it seems that it won't work with openser
because of the intermediate certificate that they require you to use.
Godaddy issues a certificate, a private key and an intermediate certificate
(the intermediate certificate
So openser loads just fine if I set:
tls_certifcate=cert.pem
tls_preivate_key=cert.key
but the phone still fails to validate the certificate, because there is no
place to specify the intermediate certificate.
The intermediate certificate is the one that corresponds to the apache2 ssl
directive SSLCertificateChainFile.
The phone says:
Registration Error: 503 - Certificate Validation Failure
and the openser logs say:
7(7201) tls_accept: Error in SSL:
7(7201) tls_error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca
Thanks,
Mark Price
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
--
Klaus Darilion
nic.at