[gnutls-help] Verifying Client Certificate

Mandar Joshi emailmandar at gmail.com
Fri Jan 27 11:48:21 CET 2017


Hello everyone,

There is a problem with my certificate.  I was using my CA Cert to
connect to a server.

gnutls-serv reported "Key usage violation detected."  which probably
means that I cannot use a signing certificate for establishing a TLS
connection.

I have now generated server and client certificates and will be
testing them with gnutls-serv and gnutls-cli.
With the first client certs that I generated, gnutls-cli gives me an error
-----------------------------------------------------------------------------
 Status: The certificate is NOT trusted. The certificate issuer is
unknown. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** handshake has failed: Error in the certificate.
-----------------------------------------------------------------------------

and gnutls-serv gave this error message
-----------------------------------------------------------------------------
* Accepted connection from IPv4 127.0.0.1 port 53074 on Fri Jan 27 15:58:58 2017
* Received alert '42': Certificate is bad.
Error in handshake
Error: A TLS fatal alert has been received.
-----------------------------------------------------------------------------

So, I guess the problem is with my certificate templates.

My requirement is that I should have a Certificate Authority that
generates certificates for Servers.
Each of these Servers will have multiple clients. The client
certificates should only work with their respective servers.

Are there any templates out there which have the right config for this
kind of setup?

Thanks
Mandar Joshi


