[Mono-bugs] [Bug 76279][Nor] Changed - CERT_E_CHAINING problem for server certificate

Mon Oct 3 06:47:32 EDT 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by yngve.zackrisson at mobila-kontoret.se.

http://bugzilla.ximian.com/show_bug.cgi?id=76279

--- shadow/76279	2005-09-29 17:13:20.000000000 -0400
+++ shadow/76279.tmp.1840	2005-10-03 06:47:32.000000000 -0400
@@ -144,6 +144,43 @@
 that this second root certificate is being installed in the trusted
 root on the server. Is it ?
 
 If not, it should. Because when the server receive the client
 certificate it will try to validate it and, if no trusted root is
 found, an error will occur.
+
+------- Additional Comments From yngve.zackrisson at mobila-kontoret.se  2005-10-03 06:47 -------
+The 'second root' certificate I have created should - 
+according to openssl: http://www.openssl.org/docs/apps/x509.html - 
+add trust to a certificate.
+If I compare the content of cacert16.pem with 
+the 'trusted' cacert16t.pem.
+The previous have a '-----BEGIN CERTIFICATE-----' 
+at the beginning and the latter have 
+'-----BEGIN TRUSTED CERTIFICATE-----' at the beginning. 
+The 'key' content part seems to be the same in the beginning 
+but the 'trusted' root cert have additional code at the end.
+
+---
+
+Since I have been uncertain about where to place the CA 
+in Mono's store I have tried different approaches.
+AFAIK, I have it *BOTH* in the CA and Trust stores now.
+According to certmgr -list -m -c Trust it seems to be there.
+To be realy shure i have added the CA to the Mono store 
+a second time with: 
+
+certmgr -add -m -c Trust cacert16t.cer 
+
+I still get the same error (error #-2146762486).
+
+I will try to redo the whole procedure and create a cacert17.cer 
+- without openssl -trustout - and add to the Trust store and 
+to the client and server .p12 files.
+
+Regards 
+
+
+Yngve Zackrisson.
+
+
+
