CA for IIS-issued certificate?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CA for IIS-issued certificate?

Charles Mills
Please bear with me; I'm a real SSL newbie. I am attempting to develop my first SSL program, an SSL/TLS client that will communicate with a commercial SSL server product (Kiwi Server) that is running on a VM on my system.

Kiwi *only* accepts IIS-issued certificates. I issued a certificate using IIS 7.5 Manager "Issue Self-Signed Certificate." Windows 7 says "This certificate is OK."

My client follows the general scheme of the client in Chapter 5 of the O'Reilly OpenSSL book. I know am getting the certificate back correctly from the server because the FQDN in the certificate is correct.

But if I turn on SSL_CTX_set_verify(SslCtx, SSL_VERIFY_PEER, NULL) in my client then SSL_connect(SslObj) fails with 8140:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:.\ssl\s3_clnt.c:1166:

In my context setup I am doing SSL_CTX_load_verify_locations(SslCtx, "path of IIS certficate in PEM format", NULL) and SSL_CTX_set_default_verify_paths(SslCtx) with no error. Obviously that is incorrect or insufficient.

Can anyone point me at what I should be doing differently? Thanks much,
Reply | Threaded
Open this post in threaded view
|

Re: CA for IIS-issued certificate?

Charles Mills
Sorry. This went to the wrong list. I will re-post in users. I'm posting from a forum and missed the relevant description.

CharlesTSR wrote
Please bear with me; I'm a real SSL newbie. I am attempting to develop my first SSL program, an SSL/TLS client that will communicate with a commercial SSL server product (Kiwi Server) that is running on a VM on my system.