[Mono-bugs] [Bug 76279][Nor] Changed - CERT_E_CHAINING problem for server certificate

Mon Oct 3 10:01:26 EDT 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by yngve.zackrisson at mobila-kontoret.se.

http://bugzilla.ximian.com/show_bug.cgi?id=76279

--- shadow/76279	2005-10-03 09:34:09.000000000 -0400
+++ shadow/76279.tmp.3291	2005-10-03 10:01:26.000000000 -0400
@@ -211,6 +211,40 @@
 * Is there any reason why you want to have two separate roots for
 issuing SSL server certificates and SSL client certificates ? This
 seems only more work (in particular for client configuration) and
 doesn't help security (as your system will fail if either root is
 compromised).
 
+
+------- Additional Comments From yngve.zackrisson at mobila-kontoret.se  2005-10-03 10:01 -------
+Hi.
+
+I have simplyfied the procedure for creating the certificates, 
+and will attach a tar file for the sslcert17 certificate directory.
+I have taken Your comments in consideration when creating the certs.
+I now have only one root CA 'cacert17'.
+I use 2 configuration files for the creation to allow 
+the 'usr_cert' section to be different between the client 
+and server certs. Everything else should be equal 
+in the configuration files.
+
+The changed procedure and config files is in the 'docs' directory.
+
+The logg of the server run is in: 
+'mssslserver2-run-with-server17-cert-p12-20051003.txt'.
+
+The logg of the client run is in: 
+'Win32SslHttpClient-client17-cert-p12-20051003.txt'.
+
+I still get the error 
+V5
+        error #-2146762486
+V9
+during the server run.
+
+Do You mean that this error message should not be shown if 
+I have created the certs (cacert16.cer, server16-cert.p12 and
+client16-cert.p12) with makecert instead?.
+
+Could it have anything to do with the Org.Mentalis.Security.dll?.
+
+
