![]() Not sure if this will help anyone else, but for our case of this issue everything was working when running locally in Visual Studio and in IIS, but when deployed to a real server, we were hitting a certificate issue during 2-way SSL as described above and verified in Wireshark.Īnyway, on that server we have also have a. If intermediate CA certificates are necessary and not available on the client side, you may need to configure your server to accept them and advertise them in the Certificate Request too. (How this is done depends on the client's configuration mechanisms.) Otherwise, the client could have to build a chain from a client cert to such a DN, it would need to have the necessary intermediate CA certificates to do so. In the simplest case, a client certificate issued by such a DN is available. One way or another, the client will need to find a client certificate with which it can build a chain towards of those DNs. This is a list of the CA Distinguished Names (DNs) that the server is willing to accept. Look at the Certificate Request packet and check its certificate_authorities list. Either it's not configured properly to make use of any certificate, or it can't find one that is issued by one of the acceptable CAs. Typically, this happens when the client was unable to select a client certificate to use. Here, the server sends its Certificate Request message and the client sends its Certificate message in response, but that message contains 0 certificates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |