[openssl-users] Hardware client certificates moving to Centos 7
Kyle Hamilton
aerowolf at gmail.com
Wed Sep 27 00:04:34 UTC 2017
openssl x509 -noout -text -in clientcertificate.pem
You may need to extract the client certificate from wireshark, but you
could also get it from openssl s_server.
Specifically, that error message is suggesting that there's a message
digest encoded into the certificate which is unknown to the trust
path.
Chances are, it's probably MD5. MD5 was broken a long time ago, and
is no longer trustworthy. (SHA1 is also a possibility, but it was
made unacceptable a lot more recently.)
-Kyle H
On Tue, Sep 26, 2017 at 8:56 AM, Stuart Marsden <stuart at myphones.com> wrote:
> Sorry how can I tell ?
>
> I can run a wireshark if necessary
>
> thanks
>
>
>> On 26 Sep 2017, at 16:36, Wouter Verhelst <wouter.verhelst at fedict.be> wrote:
>>
>> On 26-09-17 17:26, Stuart Marsden wrote:
>>> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
>>
>> So which message digest algorithm is the client trying to use?
>>
>> --
>> Wouter Verhelst
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list