RE: Re: Totoise SVN and non-public certificate

From: Frank Breedijk <fbreedijk_at_schubergphilis.com>
Date: Fri, 25 Nov 2011 02:36:08 -0800 (PST)

O.K. we found out what the problem was. Apparently OpenSSL uses the Windows Root CA list to validate the chain, but NOT the windows intermediate CA list.

Windows will assemble the chain for you if you have a server certificate, and have the intermediate CA certificate in the Intermediate CA store and the root certificate in the Root CA store.

OpenSSL on the other hand will not assemble the chain. Thus the chain will be incomplete and not validate.

On the server we have chained server certificate with the intermediate certificate. The server now offers both the server and the intermediate to OpenSSL and OpenSSL is able to verify it using the Root CA certificate in the Root CA store.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2886773

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-11-25 11:36:15 CET

This message: [ Message body ]
Next message: Jean-Pierre Bergamin: "Re: TSVNCache and TGitCache using 100% CPU"
Previous message: javier.jarava_at_rsa.com: "RE: TortoiseSVN - Issues when working in a sub-dir within a WC - "svn: warning: W155007: '.' is not a working copy""
In reply to: Stefan Küng: "Re: Totoise SVN and non-public certificate"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]