<div dir="ltr">Hi ,<div><br></div><div>Please see in attach the files that I'm using.</div><div>I generate the certificates with the following commands:</div><div><br></div><div><ol class="gmail-bash" style="color:rgb(172,172,172);background:rgb(247,247,247);margin:0px;padding:0px 0px 0px 55px;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono",monospace,serif;font-size:12px"><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background:rgb(248,248,248)"><span class="gmail-co0" style="color:rgb(102,102,102);font-style:italic">## Create CA</span></div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl genrsa <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> ca.key <span class="gmail-nu0" style="color:rgb(0,0,0)">4096</span></div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl req <span class="gmail-re5" style="color:rgb(102,0,51)">-new</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-x509</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-days</span> <span class="gmail-nu0" style="color:rgb(0,0,0)">365</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-key</span> ca.key <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> ca.crt</div></li><li class="gmail-li2" style="background:rgb(255,255,255)"><div class="gmail-de2" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl x509 <span class="gmail-re5" style="color:rgb(102,0,51)">-in</span> ca.crt <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> ca.pem <span class="gmail-re5" style="color:rgb(102,0,51)">-outform</span> PEM</div></li><li class="gmail-li2" style="background:rgb(255,255,255)"><div class="gmail-de2" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><br></div></li></ol><div><ol class="gmail-bash" style="color:rgb(172,172,172);background:rgb(247,247,247);margin:0px;padding:0px 0px 0px 55px;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono",monospace,serif;font-size:12px"><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background:rgb(248,248,248)"><span class="gmail-co0" style="color:rgb(102,102,102);font-style:italic">## Create the Server Key and CSR</span></div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl genrsa <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> server.key <span class="gmail-nu0" style="color:rgb(0,0,0)">4096</span></div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl req <span class="gmail-re5" style="color:rgb(102,0,51)">-new</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-key</span> server.key <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> server.csr</div></li><li class="gmail-li2" style="background:rgb(255,255,255)"><div class="gmail-de2" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl x509 <span class="gmail-re5" style="color:rgb(102,0,51)">-req</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-days</span> <span class="gmail-nu0" style="color:rgb(0,0,0)">365</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-in</span> server.csr <span class="gmail-re5" style="color:rgb(102,0,51)">-CA</span> ca.crt <span class="gmail-re5" style="color:rgb(102,0,51)">-CAkey</span> ca.key -set_serial 01 <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> server.crt</div></li><li class="gmail-li2" style="background:rgb(255,255,255)"><div class="gmail-de2" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><span style="background-color:rgb(248,248,248)">openssl x509 </span><span class="gmail-re5" style="color:rgb(102,0,51)">-in</span><span style="background-color:rgb(248,248,248)"> server.crt </span><span class="gmail-re5" style="color:rgb(102,0,51)">-out</span><span style="background-color:rgb(248,248,248)"> server.pem </span><span class="gmail-re5" style="color:rgb(102,0,51)">-outform</span><span style="background-color:rgb(248,248,248)"> PEM</span><br></div></li><li class="gmail-li2" style="background:rgb(255,255,255)"><div class="gmail-de2" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><span style="background-color:rgb(248,248,248)"><br></span></div></li></ol><div><ol class="gmail-bash" style="color:rgb(172,172,172);background:rgb(247,247,247);margin:0px;padding:0px 0px 0px 55px;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono",monospace,serif;font-size:12px"><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background:rgb(248,248,248)"><span class="gmail-co0" style="color:rgb(102,102,102);font-style:italic">## Create the Client Key and CSR</span></div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl genrsa <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> client.key <span class="gmail-nu0" style="color:rgb(0,0,0)">4096</span></div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl req <span class="gmail-re5" style="color:rgb(102,0,51)">-new</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-key</span> client.key <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> client.csr</div></li><li class="gmail-li1" style="background:rgb(255,255,255)"><div class="gmail-de1" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl x509 <span class="gmail-re5" style="color:rgb(102,0,51)">-req</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-days</span> <span class="gmail-nu0" style="color:rgb(0,0,0)">365</span> <span class="gmail-re5" style="color:rgb(102,0,51)">-in</span> client.csr <span class="gmail-re5" style="color:rgb(102,0,51)">-CA</span> ca.crt <span class="gmail-re5" style="color:rgb(102,0,51)">-CAkey</span> ca.key -set_serial 01 <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> client.crt</div></li><li class="gmail-li2" style="background:rgb(255,255,255)"><div class="gmail-de2" style="padding:0px 8px;vertical-align:top;color:rgb(51,51,51);border-left:1px solid rgb(221,221,221);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">openssl x509 <span class="gmail-re5" style="color:rgb(102,0,51)">-in</span> client.crt <span class="gmail-re5" style="color:rgb(102,0,51)">-out</span> client.pem <span class="gmail-re5" style="color:rgb(102,0,51)">-outform</span> PEM</div></li></ol></div></div></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><br></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px">I left the default value of each question that openssl ask when it's creating the certificates like Country, City, CN, etc. Like this way:</span></font></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">openssl req -new -key server.key -out server.csr</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">You are about to be asked to enter information that will be incorporated</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">into your certificate request.</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">What you are about to enter is what is called a Distinguished Name or a DN.</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">There are quite a few fields but you can leave some blank</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">For some fields there will be a default value,</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">If you enter '.', the field will be left blank.</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">-----</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Country Name (2 letter code) [AU]:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">State or Province Name (full name) [Some-State]:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Locality Name (eg, city) []:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Organization Name (eg, company) [Internet Widgits Pty Ltd]:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Organizational Unit Name (eg, section) []:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Common Name (e.g. server FQDN or YOUR name) []:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Email Address []:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Please enter the following 'extra' attributes</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">to be sent with your certificate request</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">A challenge password []:</blockquote></span></font></div><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">An optional company name []:</blockquote></span></font></div></blockquote><div><font color="#333333" face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, monospace, serif"><span style="font-size:12px"><div> </div><div>Thanks.</div><div>Kind regards.</div><div><br></div></span></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 30, 2017 at 2:45 PM, Jan Just Keijser <span dir="ltr"><<a href="mailto:janjust@nikhef.nl" target="_blank">janjust@nikhef.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_-6643648392479011571moz-cite-prefix">Hi,<span class=""><br>
<br>
On 29/11/17 14:37, <a class="m_-6643648392479011571moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com" target="_blank">wizard2010@gmail.com</a> wrote:<br>
</span></div><span class="">
<blockquote type="cite">
<div dir="ltr">Hi JJK,
<div><br>
</div>
<div>I test you function and I've got this result:</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">ok = 0<br>
cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd<br>
ok = 1<br>
cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd</blockquote>
</div>
<div><br>
</div>
<div>Why I see this 2 time?</div>
<div>When I create the certificates I didn't fill with any
special information, just type enter in every question that is
made. Did you think this could cause this issue?</div>
<div><br>
</div>
</div>
</blockquote>
<br></span>
what you should have seen is the certificate stack, starting with
the CA, and then the client cert, e.g.<br>
<br>
Connection accept...<br>
ok = 1<br>
cert DN: /C=US/O=Cookbook 2.4/CN=Cookbook 2.4
<a class="m_-6643648392479011571moz-txt-link-abbreviated" href="mailto:CA/emailAddress=openvpn@example.com" target="_blank">CA/emailAddress=openvpn@<wbr>example.com</a><br>
ok = 1<br>
cert DN: /C=US/O=Cookbook 2.4/CN=client1<br>
<br>
<br>
so I suspect that your ca.crt on the server side is not specified
correctly. <br>
You may also send me your ca.crt, server.{crt,key} and
client.{crt,key} files privately, and I will run the same test using
your set of certificates.<br>
<br>
HTH,<br>
<br>
JJK<div><div class="h5"><br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Nov 29, 2017 at 8:56 AM, Jan
Just Keijser <span dir="ltr"><<a href="mailto:janjust@nikhef.nl" target="_blank">janjust@nikhef.nl</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_-6643648392479011571m_-2945823362963703202moz-cite-prefix">Hi,<span><br>
<br>
On 28/11/17 11:03, <a class="m_-6643648392479011571m_-2945823362963703202moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com" target="_blank">wizard2010@gmail.com</a>
wrote:<br>
</span></div>
<blockquote type="cite">
<div dir="ltr">Hi there.
<div><br>
</div>
<span>
<div>I guess my problem is really related to <span style="font-size:12.8px">verify callback
on SSL_CTX_set_verify function.</span></div>
<div><span style="font-size:12.8px">I just add to my
code a dummy callback returning 1 and everything
works properly.</span><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><span style="font-size:12.8px"><br>
</span><span style="font-size:12.8px">int
verify_callback (int ok, X509_STORE_CTX *ctx);</span><br>
<span style="font-size:12.8px">int
verify_callback (int ok, X509_STORE_CTX *ctx)<br>
</span><span style="font-size:12.8px">{<br>
</span><span style="font-size:12.8px">
printf("Verification callback OK!\n");<br>
</span><span style="font-size:12.8px"> return
1;<br>
</span><span style="font-size:12.8px">}</span><span style="font-size:12.8px"><br>
</span>...<br>
<span style="font-size:12.8px">SSL_CTX_set_verify(ssl_server_<wbr>ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CER<wbr>T,
dtls_verify_callback);<br>
</span>...</blockquote>
</div>
<div style="font-size:12.8px"><br>
</div>
<div>The problem is that error don't tell much
information about what's really going on or what's
really missing.</div>
<div>Thanks for your help.</div>
<div><br>
</div>
</span></div>
</blockquote>
Now you've effectively disabled all security :)<br>
<br>
Try adding this to the verify_callback<br>
<br>
<br>
static int verify_callback(int ok, X509_STORE_CTX *ctx)<br>
{<br>
X509 *cert = NULL;<br>
char *cert_DN = NULL;<br>
<br>
printf("ok = %d\n", ok);<br>
cert = X509_STORE_CTX_get_current_cer<wbr>t(ctx);<br>
cert_DN = X509_NAME_oneline( X509_get_subject_name(
cert ), NULL, 0 ); <br>
printf( "cert DN: %s\n", cert_DN);<br>
<br>
} <br>
<br>
<br>
that way, you will know whether your server is processing
the right certificate chain.<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>