--On Monday, July 28, 2008 11:30 AM -0700 John Oliver joliver@john-oliver.net wrote:
> On Mon, Jul 28, 2008 at 09:20:23AM +0200, Buchan Milne wrote:
>> Or, ensure that the "CA certificate" that the clients use contains the certificates of the issuer of both of the server certificates, and that the value of the subject CN on both certificates matches the name you use to connect to the servers.
> I've tried:
> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3650
This generates a self-signed cert without a CA. That's part of the root of your problem. By your own email, you have no concept of how SSL signing and authority works. Yet you reject the advice that's been given out of hand. Go back to the link I sent you, and set up your certs correctly, with a valid self-generated CA, or do as others have suggested, stop using SSL until you understand how it works.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
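
Added example, not part of the original thread: it contrasts the self-signed certificate produced by the quoted command with server certificates issued by a self-generated CA, including the case where two issuers are combined into the one CA file the clients trust. The hostnames, CA names, file names, the 2048-bit key size and the subjectAltName extension are assumptions of this example.

```shell
# Added example; hostnames, CA names and file names are constructed.
set -e

# Private CA: a self-signed certificate used only to sign other certificates.
# (The stock openssl.cnf marks "req -x509" output as CA:TRUE.)
make_ca() {  # $1 = work dir, $2 = CA name
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Server certificate signed by that CA. The CN (and subjectAltName, which
# current TLS clients check first) is the name clients connect to.
issue_cert() {  # $1 = work dir, $2 = CA name, $3 = server FQDN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$3" > "$1/$3.ext"
    openssl x509 -req -in "$1/$3.csr" -days 365 -extfile "$1/$3.ext" \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# The quoted command's result: self-signed, no CA (-subj added to skip prompts).
self_signed() {  # $1 = work dir, $2 = server FQDN
    openssl req -newkey rsa:2048 -x509 -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.pem" 2>/dev/null
}

# True only when the certificate chains to a CA in the trust file: the
# chain check a TLS client makes against its CA certificate file.
chains_to() {  # $1 = CA file, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

cert_cn() {  # $1 = certificate; prints the subject CN
    openssl x509 -in "$1" -noout -subject -nameopt multiline | sed -n 's/^ *commonName *= //p'
}

demo() {
    d=$(mktemp -d)
    make_ca "$d" CA-A; make_ca "$d" CA-B
    issue_cert "$d" CA-A ldap1.example.com
    issue_cert "$d" CA-B ldap2.example.com
    self_signed "$d" ldap1.example.com
    cat "$d/CA-A.pem" "$d/CA-B.pem" > "$d/ca-bundle.pem"  # issuers of both servers
    for c in ldap1.example.com ldap2.example.com selfsigned; do
        if chains_to "$d/ca-bundle.pem" "$d/$c.pem"; then r=trusted; else r=REJECTED; fi
        echo "$c (CN=$(cert_cn "$d/$c.pem")): $r"
    done
}
demo
```

Only `ca-bundle.pem` is distributed to clients; the CA private keys stay off the servers and clients.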