I am trying to set up a peer-authentication mechanism using X509 certs/SSL using M2Crypto.
I generate a root CA (issuer & subject = ca_hostC...) on the client (hostC)
I sign the client Cert locally with this CA (issuer: ca_hostC, subject: hostC) and generate a csr on hostS, copy it to hostC, sign it using the root CA, ca_hostc and move the ca_cert and the signed cert to the hostS.
I generate context:
I connect:
but on the client I get
however when I print the subject and issuer of the cert received from the server, I see correct info. Also, the cert is verifiable from the openssl command line util.
Any thoughts??
I generate a root CA (issuer & subject = ca_hostC...) on the client (hostC)
I sign the client Cert locally with this CA (issuer: ca_hostC, subject: hostC) and generate a csr on hostS, copy it to hostC, sign it using the root CA, ca_hostc and move the ca_cert and the signed cert to the hostS.
I generate context:
Code:
import M2Crypto.SSL as SSL
ctx = SSL.Context('tlsv1')
ctx.load_cert('x.crt', 'private/x.key')
ctx.load_verify_locations(cafile='ca.crt')
Code:
s = SSL.Connection(ctx) s.connect(server_address)
Code:
ERROR: 20 unable to get local issuer certificate
Any thoughts??