Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   chain.crt, posted by Gerhard Schneider on Thu Sep 3 21:55:52 2009 
    icon2.gif   Re: chain.crt, posted by Stefan Ritt on Fri Sep 4 08:33:16 2009 
    icon2.gif   Re: chain.crt, posted by Gerhard Schneider on Wed Oct 7 07:56:52 2009 
Message ID: 66556     Entry time: Wed Oct 7 07:56:52 2009     In reply to: 66525
Icon: Reply  Author: Gerhard Schneider  Author Email: gs@ilsb.tuwien.ac.at 
Category: Question  OS: Linux  ELOG Version: 2.7.7-2246 
Subject: Re: chain.crt  
> Like many educational institutions we get "educational certificates" that are chain certificates..
>  
> only shows: 
> 
> CONNECTED(00000003)
> 25523:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
> 
> What do I do wrong?
> 

After reading the OpenSSL Documentation:

The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or
server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.

The chain.crt has to be of the following format:

HOST CERTIFICATE
INTERMEDIATE CERTIFICATE
ROOT CERTIFICATE

Then it is working w/o problems

GS
ELOG V3.1.5-fe60aaf