2 Certificate problems

    OpenSSL is used with CRLs, and for some CA in the certificate chain its CRL is not included in TLSCRLFile

    In the TLS server log, in case of a GnuTLS peer:

    failed to accept an incoming connection: from 127.0.0.1: TLS handshake with 127.0.0.1 returned error code 1: \

    CRL expired or expires during server operation

    OpenSSL, in server log:

    • before expiration:
    • after expiration:
    cannot connect to proxy "proxy-openssl-1.0.1e": TCP successful, cannot establish TLS to [[127.0.0.1]:20004]:\
    SSL routines:ssl3_get_server_certificate:certificate verify failed:\

    GnuTLS, in server log:

    • before and after expiration the same:

    Self-signed certificate, unknown CA

    OpenSSL, in log:

    error:'self signed certificate: SSL_connect() set result code to SSL_ERROR_SSL: file ../ssl/statem/statem_clnt.c\
    TLS write fatal alert "unknown CA"'

    To check whether a certificate contains the same Issuer and Subject entries, run:

    It is acceptable for the root (top-level) certificate to have identical values for Issuer and Subject.
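
One way to make the Issuer/Subject comparison with the `openssl x509` command, as an added example that is not part of the original page. The function names, file names and CNs are constructed for the demonstration; the script builds a throwaway root CA and a leaf certificate signed by it, then classifies both.

```shell
#!/bin/sh
# Added example: compare the Issuer and Subject of a PEM certificate.
# Function names, file names and CNs are constructed for this demonstration.

# Print the "issuer" or "subject" name of certificate $1 in RFC 2253 form.
cert_name() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" 2>/dev/null |
        sed "s/^$2= *//"
}

# Classify certificate $1 by comparing the two names.
classify_cert() {
    i=$(cert_name "$1" issuer)
    s=$(cert_name "$1" subject)
    if [ -z "$i" ] || [ -z "$s" ]; then
        # Empty output: file missing or not a PEM certificate
        # (assumption: both names are non-empty in a usable certificate).
        echo "unreadable"
    elif [ "$i" = "$s" ]; then
        echo "self-issued"       # acceptable only for the root (top-level) CA
    else
        echo "issued-by-other"
    fi
}

# Constructed sample input: a throwaway root CA and a leaf signed by it.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-agent" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
echo "ca.crt:   $(classify_cert "$demo_dir/ca.crt")"
echo "leaf.crt: $(classify_cert "$demo_dir/leaf.crt")"
```

A result of `self-issued` for a certificate that is not the root CA corresponds to the "self signed certificate" / "unknown CA" log entry shown above.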