<div dir="ltr">Hi all,<div><br></div><div>I've been having a stubborn problem with getting TLS distribution working and could use a hand.</div><div><br></div><div>I'm running a test CA and have a cert that works fine when using it for erlang cowboy serving TLS traffic, however using the same cert for TLS distribution is not working.</div><div><br></div><div>I've tried several different certs that I've generated (some generated with the dogtag CA, others with a testca using openssl), and none seem to be working.</div><div><br></div><div>I'm following the steps in the documentation, and have tried with versions 17/18 with identical results.</div><div><br></div><div>For v17, my .rel file:</div><div><br></div><div><div><font face="monospace, monospace" size="1">{release,{"start_clean",[]},</font></div><div><font face="monospace, monospace" size="1"> {erts,"6.4"},</font></div><div><font face="monospace, monospace" size="1"> [{kernel,"3.2"},</font></div><div><font face="monospace, monospace" size="1"> {stdlib,"2.4"},</font></div><div><font face="monospace, monospace" size="1"> {sasl,"2.4.1"},</font></div><div><font face="monospace, monospace" size="1"> {crypto,"3.5"},</font></div><div><font face="monospace, monospace" size="1"> {asn1,"3.0.4"},</font></div><div><font face="monospace, monospace" size="1"> {public_key,"0.23"},</font></div><div><font face="monospace, monospace" size="1"> {ssl,"6.0"}</font></div><div><font face="monospace, monospace" size="1"> ]}.</font></div></div><div><br></div><div>Here's what my session looks like. </div><div><br></div><div><div><font face="monospace, monospace" size="1">erl -boot start_clean -proto_dist inet_tls -ssl_dist_op server_certfile /tmp/server.pem server_keyfile /tmp/server.key </font><span style="font-family:monospace,monospace;font-size:x-small">client_certfile /tmp/server.pem client_keyfile /tmp/server.key </span><font face="monospace, monospace" size="1"> -name <a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a></font></div><div><font face="monospace, monospace" size="1">Erlang/OTP 17 [erts-6.4] [source-2e19e2f] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_safe_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.48.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,alarm_handler},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{alarm_handler,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,2000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_safe_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.49.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,overload},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{overload,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,2000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.47.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,sasl_safe_sup},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,</font></div><div><font face="monospace, monospace" size="1"> {supervisor,start_link,</font></div><div><font face="monospace, monospace" size="1"> [{local,sasl_safe_sup},sasl,safe]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,infinity},</font></div><div><font face="monospace, monospace" size="1"> {child_type,supervisor}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.50.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,release_handler},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{release_handler,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,2000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> application: sasl</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> application: crypto</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> application: asn1</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> application: public_key</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,ssl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.59.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,ssl_manager},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{ssl_manager,start_link,[[]]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,4000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,ssl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.60.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,tls_connection},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{tls_connection_sup,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,4000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,supervisor}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,ssl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.61.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,ssl_socket},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{ssl_listen_tracker_sup,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,4000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,supervisor}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:24 ===</font></div><div><font face="monospace, monospace" size="1"> application: ssl</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1">Eshell V6.4 (abort with ^G)</font></div><div><font face="monospace, monospace" size="1">(<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>)1> net_adm:ping('<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>').</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:37 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,inet_gethost_native_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.68.0>},{mfa,{inet_gethost_native,init,[[]]}}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:37 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,kernel_safe_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.67.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,inet_gethost_native_sup},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{inet_gethost_native,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,temporary},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,1000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=ERROR REPORT==== 9-Jan-2016::21:58:37 ===</font></div><div><font face="monospace, monospace" size="1">SSL: certify: ssl_alert.erl:92:Fatal error: internal error</font></div><div><font face="monospace, monospace" size="1">pang</font></div><div><font face="monospace, monospace" size="1">(<a href="mailto:test1@192.168.101.1">test1@192.168.101.1</a>)2></font></div></div><div><br></div><div>From the other shell:</div><div><br></div><div><div><font face="monospace, monospace" size="1">erl -boot start_clean -proto_dist inet_tls -ssl_dist_op server_certfile /tmp/server.pem server_keyfile /tmp/server.key </font><span style="font-family:monospace,monospace;font-size:x-small">client_certfile /tmp/server.pem client_keyfile /tmp/server.key </span><font face="monospace, monospace" size="1"> -name <a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a></font><br></div><div><font face="monospace, monospace" size="1">Erlang/OTP 17 [erts-6.4] [source-2e19e2f] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_safe_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.48.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,alarm_handler},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{alarm_handler,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,2000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_safe_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.49.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,overload},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{overload,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,2000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.47.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,sasl_safe_sup},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,</font></div><div><font face="monospace, monospace" size="1"> {supervisor,start_link,</font></div><div><font face="monospace, monospace" size="1"> [{local,sasl_safe_sup},sasl,safe]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,infinity},</font></div><div><font face="monospace, monospace" size="1"> {child_type,supervisor}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,sasl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.50.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,release_handler},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{release_handler,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,2000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> application: sasl</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> application: crypto</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> application: asn1</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> application: public_key</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,ssl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.59.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,ssl_manager},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{ssl_manager,start_link,[[]]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,4000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,worker}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,ssl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.60.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,tls_connection},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{tls_connection_sup,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,4000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,supervisor}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> supervisor: {local,ssl_sup}</font></div><div><font face="monospace, monospace" size="1"> started: [{pid,<0.61.0>},</font></div><div><font face="monospace, monospace" size="1"> {name,ssl_socket},</font></div><div><font face="monospace, monospace" size="1"> {mfargs,{ssl_listen_tracker_sup,start_link,[]}},</font></div><div><font face="monospace, monospace" size="1"> {restart_type,permanent},</font></div><div><font face="monospace, monospace" size="1"> {shutdown,4000},</font></div><div><font face="monospace, monospace" size="1"> {child_type,supervisor}]</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">=PROGRESS REPORT==== 9-Jan-2016::21:58:12 ===</font></div><div><font face="monospace, monospace" size="1"> application: ssl</font></div><div><font face="monospace, monospace" size="1"> started_at: '<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>'</font></div><div><font face="monospace, monospace" size="1">Eshell V6.4 (abort with ^G)</font></div><div><font face="monospace, monospace" size="1">(<a href="mailto:test2@192.168.101.1">test2@192.168.101.1</a>)1></font></div><div><font face="monospace, monospace" size="1">=ERROR REPORT==== 9-Jan-2016::21:58:37 ===</font></div><div><font face="monospace, monospace" size="1">SSL: hello: ssl_handshake.erl:167:Fatal error: internal error</font></div></div><div><br></div><div>The errors are the same between v17 and v18 (same error message).</div><div><br></div><div>The cert:</div><div><div><font face="monospace, monospace" size="1">-----BEGIN CERTIFICATE-----</font></div><div><font face="monospace, monospace" size="1">MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADBPMSwwKgYDVQQKDCNjb250</font></div><div><font face="monospace, monospace" size="1">cm9sLWFsdC1kZWwub3JnIFNlY3VyaXR5IERvbWFpbjEfMB0GA1UEAwwWQ0EgU2ln</font></div><div><font face="monospace, monospace" size="1">bmluZyBDZXJ0aWZpY2F0ZTAeFw0xNTA5MzAwMTQ1MzBaFw0xNzA5MTkwMTQ1MzBa</font></div><div><font face="monospace, monospace" size="1">MIGFMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEQMA4GA1UEBwwHVG9y</font></div><div><font face="monospace, monospace" size="1">b250bzEcMBoGA1UECgwTQ29udHJvbC1hbHQtZGVsLm9yZzERMA8GA1UECwwIU2Vj</font></div><div><font face="monospace, monospace" size="1">dXJpdHkxITAfBgNVBAMMGGRldjEuY29udHJvbC1hbHQtZGVsLm9yZzCCAiIwDQYJ</font></div><div><font face="monospace, monospace" size="1">KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMRWGZVic7I8GxviniEkDkgyd8yQFgtT</font></div><div><font face="monospace, monospace" size="1">Cg9o7JFuZ8Mfr8hvvVpBvxT2lYCU4e/x3314ATB0avDy6ZFQtRNHgF9r88+dPTxp</font></div><div><font face="monospace, monospace" size="1">muMOTJV8iJCW1eelFS6HpO+78kZDZ3CAwbUd7Sn92FsCg9m2O0Ad4NIQjCE9lRb7</font></div><div><font face="monospace, monospace" size="1">qDkg99u82SBBSIQs0f62fSlqttlgjXbNYtGHnuiTPPFIgBFAEAffTjgxggwDFKO9</font></div><div><font face="monospace, monospace" size="1">0b1hSsA4m9s1E7kQDSQ+lNb0Acx/2px1lpUpAilhy3oHKcD6iaIz9eC0awC/7bkb</font></div><div><font face="monospace, monospace" size="1">nGAf+oSoMQxANivMHhRUJqzgXplbvxGbmCRVaznSSkLIAlhKmjBM26IOIi7DbN42</font></div><div><font face="monospace, monospace" size="1">kD9Auzo007gnrdELVgoLXSty/lNmQkU3RxBRYIKxm9EKF96B4/kwDUNcxTA3h2OR</font></div><div><font face="monospace, monospace" size="1">rKgxhfxoqTQ3thBuSkdPiEzRiHdisbDccoRUnERxOIaH25Ui56X82xJPGVD69pkJ</font></div><div><font face="monospace, monospace" size="1">E8h8dwze8eEU7M2woGXBsC3RjEgJc8hAaTYxULv6U/ayJl5ubgvZm8taBPcP9B6t</font></div><div><font face="monospace, monospace" size="1">xX5tiPHA0wvLJZAW0yHsLrK+lYeJVWDllgnUgYrBuBktSRTSonvNX6rz4ay2GuJM</font></div><div><font face="monospace, monospace" size="1">FKPb4miRn0MR+si+S8qBRWGsd72C8Hff5JU1UlZhS8XZgmWM24oYAjHRwGlirrqS</font></div><div><font face="monospace, monospace" size="1">KE2/xTmqXPIpAgMBAAGjgZ0wgZowHwYDVR0jBBgwFoAU+hEBZGlQeoMP90iO3cdq</font></div><div><font face="monospace, monospace" size="1">EzWfY7UwSAYIKwYBBQUHAQEEPDA6MDgGCCsGAQUFBzABhixodHRwOi8vZGV2MS5j</font></div><div><font face="monospace, monospace" size="1">b250cm9sLWFsdC1kZWwub3JnOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAw</font></div><div><font face="monospace, monospace" size="1">HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB</font></div><div><font face="monospace, monospace" size="1">AQAY/D3vEcUH1lzuDOmcBkREdwPRaoK5Md6K1wRZpWNrgH31Hr0e4xssGqkh9pTR</font></div><div><font face="monospace, monospace" size="1">GdEi/9KSjk6gLLm2ZvzvZ9xynAO45xOuAHQoO5iU0lCj/HA+Qorf8DdFIC7ExtPg</font></div><div><font face="monospace, monospace" size="1">+q8D83q4pZaICOlMt8Po42YJnM2P/A9actneou1CvETEHsiGxNYG7H5Md7jG3/ss</font></div><div><font face="monospace, monospace" size="1">hr4RmmHr8x9n3tPFry3+iWbCGuj+gHeQaf75Y/Sk9UZYqOgFWOTANF8M/dgiGT6t</font></div><div><font face="monospace, monospace" size="1">dC+RNIDO4FGJqd/y8EYPEwgTtxBj/pOPvNQsbNf9WEe2RAV+Lw4A9XSk+hMCTzjd</font></div><div><font face="monospace, monospace" size="1">mqNOAQclbr/xGsLHVa77m+lZ</font></div><div><font face="monospace, monospace" size="1">-----END CERTIFICATE-----</font></div></div><div><br></div><div>Key (just using for internal testing no security concern in sharing this):</div><div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">-----BEGIN RSA PRIVATE KEY-----</font></div><div><font face="monospace, monospace" size="1">MIIJKgIBAAKCAgEAxFYZlWJzsjwbG+KeISQOSDJ3zJAWC1MKD2jskW5nwx+vyG+9</font></div><div><font face="monospace, monospace" size="1">WkG/FPaVgJTh7/HffXgBMHRq8PLpkVC1E0eAX2vzz509PGma4w5MlXyIkJbV56UV</font></div><div><font face="monospace, monospace" size="1">Loek77vyRkNncIDBtR3tKf3YWwKD2bY7QB3g0hCMIT2VFvuoOSD327zZIEFIhCzR</font></div><div><font face="monospace, monospace" size="1">/rZ9KWq22WCNds1i0Yee6JM88UiAEUAQB99OODGCDAMUo73RvWFKwDib2zUTuRAN</font></div><div><font face="monospace, monospace" size="1">JD6U1vQBzH/anHWWlSkCKWHLegcpwPqJojP14LRrAL/tuRucYB/6hKgxDEA2K8we</font></div><div><font face="monospace, monospace" size="1">FFQmrOBemVu/EZuYJFVrOdJKQsgCWEqaMEzbog4iLsNs3jaQP0C7OjTTuCet0QtW</font></div><div><font face="monospace, monospace" size="1">CgtdK3L+U2ZCRTdHEFFggrGb0QoX3oHj+TANQ1zFMDeHY5GsqDGF/GipNDe2EG5K</font></div><div><font face="monospace, monospace" size="1">R0+ITNGId2KxsNxyhFScRHE4hofblSLnpfzbEk8ZUPr2mQkTyHx3DN7x4RTszbCg</font></div><div><font face="monospace, monospace" size="1">ZcGwLdGMSAlzyEBpNjFQu/pT9rImXm5uC9mby1oE9w/0Hq3Ffm2I8cDTC8slkBbT</font></div><div><font face="monospace, monospace" size="1">Iewusr6Vh4lVYOWWCdSBisG4GS1JFNKie81fqvPhrLYa4kwUo9viaJGfQxH6yL5L</font></div><div><font face="monospace, monospace" size="1">yoFFYax3vYLwd9/klTVSVmFLxdmCZYzbihgCMdHAaWKuupIoTb/FOapc8ikCAwEA</font></div><div><font face="monospace, monospace" size="1">AQKCAgEAuKM/6/xqUXO1CsRTcVc3Fy5e+0GFeaDeFR/XWe06J4XlCdoLeJXb3RsH</font></div><div><font face="monospace, monospace" size="1">/aQF1mDgjF4OwEK7T10hykbcAwV69EHRR63XqLinsGACJZK320H+Z5oYEWn+8nUN</font></div><div><font face="monospace, monospace" size="1">ooZBAMwVXv6Fyreuf+gdluCJWALBKsvk/F2tl6+SxCb88OjoSC0cxTBhS+jSS+DP</font></div><div><font face="monospace, monospace" size="1">lB3464C7LdEc4BuXdFF6Hr7gVIbsSGxGoIVFI7efRzn30k1qRPvlUGSH903jK0LN</font></div><div><font face="monospace, monospace" size="1">bkPOktUCh8PJBKGzeU7DNXhnduLmmCsTdeEI7svIg52POrHxblP0nbuXjgaVWH6o</font></div><div><font face="monospace, monospace" size="1">eBCP3z80FPc/n2Dj9WmiyuVdm46r/FURMgmnP/UtY7qHEqxZy2ZHYCHpdohEDXm5</font></div><div><font face="monospace, monospace" size="1">aGWK61dU7c8XbAcm/3t4nwnW/IplT+p1x9175lZqNy19TrZthwenYm/lVyP7yd0+</font></div><div><font face="monospace, monospace" size="1">nezsYoeXa29mrIrsmBX/2uuQaa8okzmktjYNHh5y/o4tGvHS+VQcqWV8ZUgmQ6S8</font></div><div><font face="monospace, monospace" size="1">cVneUgIGrppJwRcT9Tni4kCUHxESI6Kjf7QvWEA/O0YpTh8QP9/9BPrHDCqyDdLo</font></div><div><font face="monospace, monospace" size="1">cKA+Gl+w4RQQaTVZMBUil2gdFnsNiSPRLcygL2ZT421lvIQN6laZVImEBGWvZBog</font></div><div><font face="monospace, monospace" size="1">zdU3rh071ZnVepbzycJzIUjfmit3ewZaOazBre9q3wBoceTBgwECggEBAOQpLg4F</font></div><div><font face="monospace, monospace" size="1">PEY8ZX5EDJZJzdCExrW5MKp+o+wGmCGjUVaeOiS0nsx0HTtJNvuLVZ8mVkO1gl/g</font></div><div><font face="monospace, monospace" size="1">pD9JGiV1foO4gFQzOQJesK6WM9JsLLkgwkAhy+uSHTTGAOoVYM2kRExW0JjQEugL</font></div><div><font face="monospace, monospace" size="1">lVuTfnIOAIaxwvpJb4cq2SEw6FqwLit6PT+wjbadGkOCDhz6VvffK2PriOo9df42</font></div><div><font face="monospace, monospace" size="1">ioejvBOjXA8nbJ60sCdQl/c7FKWGCXIeRxbwjTNXU9N491TBJI4+aseyE+K87JsW</font></div><div><font face="monospace, monospace" size="1">iWIxDUIj9lvGsljRKwZ/lGOO7qkKTttcr97UUwV+nXRQwvkBNBgOyfIQiFOGHN5B</font></div><div><font face="monospace, monospace" size="1">6Aknu4r+0FpPHfsCggEBANxK2cj4vTOpWKnUspbpHnGqedBjl8a09/wsOa1ptx/t</font></div><div><font face="monospace, monospace" size="1">ZqO+hN1d58S8/8WoGO1FuGWZLEzejpkIURJ+CC4PjNsT0CW1EBO1S+7b+rsRiFBP</font></div><div><font face="monospace, monospace" size="1">tf1NByE6SP60dMA3EJyAynm1gTgfCNBBKma9acpegm181PtQBZA7szV2uc7BzQ/F</font></div><div><font face="monospace, monospace" size="1">e2qEdwtEstOLFN+acS+RvDxxfxwttbZiHC5p4wR8LKntqgFFXicztxDcK+lMH8w1</font></div><div><font face="monospace, monospace" size="1">CPhrWw93VX3Nqxr34IouPL5b+JrTczRPNhjGg1Dq+yv9CtTwCpyRMQvp8XzBObHv</font></div><div><font face="monospace, monospace" size="1">nYtciwRygGRfSJm/UC9w1m2oWtfqt79lQ1bFZ6mxaysCggEBAJOZ5FZjoquZVNtL</font></div><div><font face="monospace, monospace" size="1">cI0lL8VusBJNvKL/jFIbrf1M50jO0bR/OJ/xmhuJcM1oRTrRFUt2N+KItBjQ1N5Y</font></div><div><font face="monospace, monospace" size="1">1UCncjWGcaIL2ecH+nxtSL126NOOSZqbCtPiKCNHMzm1xA1SuF2zdhexrqzwjQOB</font></div><div><font face="monospace, monospace" size="1">9WstwoIiUckyugbT2e0ZPrUXvlnegL8bgSsdDr5GYU63jB12+Tr4CcYsSJAZJ4nY</font></div><div><font face="monospace, monospace" size="1">y6xuB8HgCHlWlQj2qpOuU5wE5F59vgrxuqP7BJ5K2LhAvtlzZZPwPmzSNoxUSUx5</font></div><div><font face="monospace, monospace" size="1">cV3L/AKjRl9M15VUmSa4KW2V15yi5RaP45Kk0I0/7xCFOLWlZlwKTdCm+FI75wKz</font></div><div><font face="monospace, monospace" size="1">d9yEhFMCggEBAIMKv5yuYpY9sbFtBkOBLwv8lfPhmqKoei/2+uRuU3HZncngBldM</font></div><div><font face="monospace, monospace" size="1">ihddOmUQxqs2YyeEw3aCmZ7s9JUkhacotuiHU7VqjMK8gQv4raDkIAtuL1sbnBcm</font></div><div><font face="monospace, monospace" size="1">/c8N97lzyBzg/BEEaHbC91IywY9WM30fVUTeEi/g/T48VTGDi6ozXNF57x2A6PO6</font></div><div><font face="monospace, monospace" size="1">DQqL3IHa9GOQtMHb3focMtDocc0mTdYYK9V1vEB/TC/Tsp2D61cfYnbuQYTND+EW</font></div><div><font face="monospace, monospace" size="1">YrOwSY2EUHzCXn36Zdtr10cRq6N3Sxwye/FB2FSs6hMSx3NH2dAVfUWcvUHubf/a</font></div><div><font face="monospace, monospace" size="1">QQf0KlLTHFbsL5IRqOByDpX7HeCbEzw9fvsCggEAGX3QAjCGkfpZeMxx9HYlUVeV</font></div><div><font face="monospace, monospace" size="1">Ntbc1eHiCzeLs4dLUnAmPx5FaEV8njmyIiylC95wYQ9YfmUb2BoQku1jhlDGk/NN</font></div><div><font face="monospace, monospace" size="1">XqEi0BqyAihN3dFJeG2WLPT5Ve4PNaYdJwe5Qvn58+Jee15lkeznAMg5GUxHpU5O</font></div><div><font face="monospace, monospace" size="1">MmrJi3LA/JFPSOnXBWVPW4gzH4ZRaiJQqJKoCH228uA/ve/NFvGa0vOHmYA2nYhh</font></div><div><font face="monospace, monospace" size="1">+GwkQ+K/XqvqT1pH/yM+2NfKMbtbgd6azwTrRfcfzqhO6UV/ef2FaYc9xjJDre6B</font></div><div><font face="monospace, monospace" size="1">x6M2+vVZ7094C7shX49/n0JGmOd6l5fshPCVXk+5YG8uEMYQr3LEOhH61cphLg==</font></div><div><font face="monospace, monospace" size="1">-----END RSA PRIVATE KEY-----</font></div></div><div><br></div><div><br></div><div>CA cert:</div><div><div><font face="monospace, monospace" size="1">-----BEGIN CERTIFICATE-----</font></div><div><font face="monospace, monospace" size="1">MIIDyDCCArCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMSwwKgYDVQQKDCNjb250</font></div><div><font face="monospace, monospace" size="1">cm9sLWFsdC1kZWwub3JnIFNlY3VyaXR5IERvbWFpbjEfMB0GA1UEAwwWQ0EgU2ln</font></div><div><font face="monospace, monospace" size="1">bmluZyBDZXJ0aWZpY2F0ZTAeFw0xNTA5MjkwMjQ4MTlaFw0zNTA5MjkwMjQ4MTla</font></div><div><font face="monospace, monospace" size="1">ME8xLDAqBgNVBAoMI2NvbnRyb2wtYWx0LWRlbC5vcmcgU2VjdXJpdHkgRG9tYWlu</font></div><div><font face="monospace, monospace" size="1">MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0B</font></div><div><font face="monospace, monospace" size="1">AQEFAAOCAQ8AMIIBCgKCAQEAxf3rfwJvl6vJ58OnTEkSYzxkGpuZB9A6ybPM0gMV</font></div><div><font face="monospace, monospace" size="1">s/4ME+gbdgxa8oq92pc9TRo1kmUrrrKKMHfK8xVmLx0DSvMgoLscMmuxwWybD43n</font></div><div><font face="monospace, monospace" size="1">QpThnM+bzQmiPiUuulIMpeSCzOVX+3Ry3pasVTVWBxKublVOL9degZko0T/UyKWj</font></div><div><font face="monospace, monospace" size="1">l1om4V1N8miE4wHNqQq0+0jT9bPF+E0ts6hKMQ3g3lA1N1UnAtYFWAhsYDe3ELvR</font></div><div><font face="monospace, monospace" size="1">TzVMkLT/UaIqv6//V8SmpPFJh1E0Hly+/mmyGv9vIaZmwu1CdpMHfU9r+1aoP0ln</font></div><div><font face="monospace, monospace" size="1">Qzee2BFYC95Z/N7KVZGlBaF3DiBfu9y8GLv1xa06Zb0qCwIDAQABo4GuMIGrMB8G</font></div><div><font face="monospace, monospace" size="1">A1UdIwQYMBaAFPoRAWRpUHqDD/dIjt3HahM1n2O1MA8GA1UdEwEB/wQFMAMBAf8w</font></div><div><font face="monospace, monospace" size="1">DgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBT6EQFkaVB6gw/3SI7dx2oTNZ9jtTBI</font></div><div><font face="monospace, monospace" size="1">BggrBgEFBQcBAQQ8MDowOAYIKwYBBQUHMAGGLGh0dHA6Ly9kZXYxLmNvbnRyb2wt</font></div><div><font face="monospace, monospace" size="1">YWx0LWRlbC5vcmc6ODA4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQAfvDWt</font></div><div><font face="monospace, monospace" size="1">shNfLp+5iFqTm2DqnSzND+oh+BR5CLw0/N/2vEaxY6pBXwormVdfIwqoWTsmkXb3</font></div><div><font face="monospace, monospace" size="1">uJ5rjvbTlHt2lnT3wz0Amy/UgW55tHUr/g+4dCtoVedLX8IQmX1201DIpabPcVB+</font></div><div><font face="monospace, monospace" size="1">0j9eiJ1GisM30heKf0M5JtMTtZpGkUTsPXgsyEW8dgHwQO1alR8HnG3ZAeM2zbPT</font></div><div><font face="monospace, monospace" size="1">/BzLgptDt4mJlYtLrtrqhzEcfWWFthdWxTqyR5Rj9ncsPR2+evQraMNfoPQCbLFj</font></div><div><font face="monospace, monospace" size="1">9VupHLt5w3ml/xu5D3bV+3WRJZC73bj6cJ55DySuWnl5LD5HRxv2KeCZMw/gn6dy</font></div><div><font face="monospace, monospace" size="1">TkemFdOW2XcVSI5K</font></div><div><font face="monospace, monospace" size="1">-----END CERTIFICATE-----</font></div></div><div><br></div><div>Testing with the openssl command line appears to work just fine:</div><div><br></div><div><font face="monospace, monospace" size="1">openssl s_server -cert cert.pem -key key_clear.pem -CAfile cacert.pem -Verify 1 -www<br></font></div><div><div><font face="monospace, monospace" size="1">verify depth is 1, must return a certificate</font></div><div><font face="monospace, monospace" size="1">Using default temp DH parameters</font></div><div><font face="monospace, monospace" size="1">Using default temp ECDH parameters</font></div><div><font face="monospace, monospace" size="1">ACCEPT</font></div><div><font face="monospace, monospace" size="1">depth=1 O = <a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain, CN = CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1">verify return:1</font></div><div><font face="monospace, monospace" size="1">depth=0 C = CA, ST = Ontario, L = Toronto, O = Control-alt-del.org, OU = Security, CN = <a href="http://dev1.control-alt-del.org">dev1.control-alt-del.org</a></font></div><div><font face="monospace, monospace" size="1">verify return:1</font></div><div><font face="monospace, monospace" size="1">ACCEPT</font></div></div><div><br></div><div><font face="monospace, monospace" size="1"><br></font></div><div><div><font face="monospace, monospace" size="1"> openssl s_client -cert cert.pem -key key_clear.pem -CAfile cacert.pem -connect localhost:4433</font></div><div><font face="monospace, monospace" size="1">CONNECTED(00000003)</font></div><div><font face="monospace, monospace" size="1">depth=1 O = <a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain, CN = CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1">verify return:1</font></div><div><font face="monospace, monospace" size="1">depth=0 C = CA, ST = Ontario, L = Toronto, O = Control-alt-del.org, OU = Security, CN = <a href="http://dev1.control-alt-del.org">dev1.control-alt-del.org</a></font></div><div><font face="monospace, monospace" size="1">verify return:1</font></div><div><font face="monospace, monospace" size="1">---</font></div><div><font face="monospace, monospace" size="1">Certificate chain</font></div><div><font face="monospace, monospace" size="1"> 0 s:/C=CA/ST=Ontario/L=Toronto/O=Control-alt-del.org/OU=Security/CN=<a href="http://dev1.control-alt-del.org">dev1.control-alt-del.org</a></font></div><div><font face="monospace, monospace" size="1"> i:/O=<a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain/CN=CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1"> 1 s:/O=<a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain/CN=CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1"> i:/O=<a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain/CN=CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1">---</font></div><div><font face="monospace, monospace" size="1">Server certificate</font></div><div><font face="monospace, monospace" size="1">-----BEGIN CERTIFICATE-----</font></div><div><font face="monospace, monospace" size="1">MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADBPMSwwKgYDVQQKDCNjb250</font></div><div><font face="monospace, monospace" size="1">cm9sLWFsdC1kZWwub3JnIFNlY3VyaXR5IERvbWFpbjEfMB0GA1UEAwwWQ0EgU2ln</font></div><div><font face="monospace, monospace" size="1">bmluZyBDZXJ0aWZpY2F0ZTAeFw0xNTA5MzAwMTQ1MzBaFw0xNzA5MTkwMTQ1MzBa</font></div><div><font face="monospace, monospace" size="1">MIGFMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEQMA4GA1UEBwwHVG9y</font></div><div><font face="monospace, monospace" size="1">b250bzEcMBoGA1UECgwTQ29udHJvbC1hbHQtZGVsLm9yZzERMA8GA1UECwwIU2Vj</font></div><div><font face="monospace, monospace" size="1">dXJpdHkxITAfBgNVBAMMGGRldjEuY29udHJvbC1hbHQtZGVsLm9yZzCCAiIwDQYJ</font></div><div><font face="monospace, monospace" size="1">KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMRWGZVic7I8GxviniEkDkgyd8yQFgtT</font></div><div><font face="monospace, monospace" size="1">Cg9o7JFuZ8Mfr8hvvVpBvxT2lYCU4e/x3314ATB0avDy6ZFQtRNHgF9r88+dPTxp</font></div><div><font face="monospace, monospace" size="1">muMOTJV8iJCW1eelFS6HpO+78kZDZ3CAwbUd7Sn92FsCg9m2O0Ad4NIQjCE9lRb7</font></div><div><font face="monospace, monospace" size="1">qDkg99u82SBBSIQs0f62fSlqttlgjXbNYtGHnuiTPPFIgBFAEAffTjgxggwDFKO9</font></div><div><font face="monospace, monospace" size="1">0b1hSsA4m9s1E7kQDSQ+lNb0Acx/2px1lpUpAilhy3oHKcD6iaIz9eC0awC/7bkb</font></div><div><font face="monospace, monospace" size="1">nGAf+oSoMQxANivMHhRUJqzgXplbvxGbmCRVaznSSkLIAlhKmjBM26IOIi7DbN42</font></div><div><font face="monospace, monospace" size="1">kD9Auzo007gnrdELVgoLXSty/lNmQkU3RxBRYIKxm9EKF96B4/kwDUNcxTA3h2OR</font></div><div><font face="monospace, monospace" size="1">rKgxhfxoqTQ3thBuSkdPiEzRiHdisbDccoRUnERxOIaH25Ui56X82xJPGVD69pkJ</font></div><div><font face="monospace, monospace" size="1">E8h8dwze8eEU7M2woGXBsC3RjEgJc8hAaTYxULv6U/ayJl5ubgvZm8taBPcP9B6t</font></div><div><font face="monospace, monospace" size="1">xX5tiPHA0wvLJZAW0yHsLrK+lYeJVWDllgnUgYrBuBktSRTSonvNX6rz4ay2GuJM</font></div><div><font face="monospace, monospace" size="1">FKPb4miRn0MR+si+S8qBRWGsd72C8Hff5JU1UlZhS8XZgmWM24oYAjHRwGlirrqS</font></div><div><font face="monospace, monospace" size="1">KE2/xTmqXPIpAgMBAAGjgZ0wgZowHwYDVR0jBBgwFoAU+hEBZGlQeoMP90iO3cdq</font></div><div><font face="monospace, monospace" size="1">EzWfY7UwSAYIKwYBBQUHAQEEPDA6MDgGCCsGAQUFBzABhixodHRwOi8vZGV2MS5j</font></div><div><font face="monospace, monospace" size="1">b250cm9sLWFsdC1kZWwub3JnOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAw</font></div><div><font face="monospace, monospace" size="1">HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB</font></div><div><font face="monospace, monospace" size="1">AQAY/D3vEcUH1lzuDOmcBkREdwPRaoK5Md6K1wRZpWNrgH31Hr0e4xssGqkh9pTR</font></div><div><font face="monospace, monospace" size="1">GdEi/9KSjk6gLLm2ZvzvZ9xynAO45xOuAHQoO5iU0lCj/HA+Qorf8DdFIC7ExtPg</font></div><div><font face="monospace, monospace" size="1">+q8D83q4pZaICOlMt8Po42YJnM2P/A9actneou1CvETEHsiGxNYG7H5Md7jG3/ss</font></div><div><font face="monospace, monospace" size="1">hr4RmmHr8x9n3tPFry3+iWbCGuj+gHeQaf75Y/Sk9UZYqOgFWOTANF8M/dgiGT6t</font></div><div><font face="monospace, monospace" size="1">dC+RNIDO4FGJqd/y8EYPEwgTtxBj/pOPvNQsbNf9WEe2RAV+Lw4A9XSk+hMCTzjd</font></div><div><font face="monospace, monospace" size="1">mqNOAQclbr/xGsLHVa77m+lZ</font></div><div><font face="monospace, monospace" size="1">-----END CERTIFICATE-----</font></div><div><font face="monospace, monospace" size="1">subject=/C=CA/ST=Ontario/L=Toronto/O=Control-alt-del.org/OU=Security/CN=<a href="http://dev1.control-alt-del.org">dev1.control-alt-del.org</a></font></div><div><font face="monospace, monospace" size="1">issuer=/O=<a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain/CN=CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1">---</font></div><div><font face="monospace, monospace" size="1">Acceptable client certificate CA names</font></div><div><font face="monospace, monospace" size="1">/O=<a href="http://control-alt-del.org">control-alt-del.org</a> Security Domain/CN=CA Signing Certificate</font></div><div><font face="monospace, monospace" size="1">Server Temp Key: ECDH, prime256v1, 256 bits</font></div><div><font face="monospace, monospace" size="1">---</font></div><div><font face="monospace, monospace" size="1">SSL handshake has read 4547 bytes and written 3156 bytes</font></div><div><font face="monospace, monospace" size="1">---</font></div><div><font face="monospace, monospace" size="1">New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384</font></div><div><font face="monospace, monospace" size="1">Server public key is 4096 bit</font></div><div><font face="monospace, monospace" size="1">Secure Renegotiation IS supported</font></div><div><font face="monospace, monospace" size="1">Compression: NONE</font></div><div><font face="monospace, monospace" size="1">Expansion: NONE</font></div><div><font face="monospace, monospace" size="1">SSL-Session:</font></div><div><font face="monospace, monospace" size="1"> Protocol : TLSv1.2</font></div><div><font face="monospace, monospace" size="1"> Cipher : ECDHE-RSA-AES256-GCM-SHA384</font></div><div><font face="monospace, monospace" size="1"> Session-ID: AAF2D6ACAF687FD0079806B7F19BDC1F9FFF1A6AE4F5FFEAE39184A33160923B</font></div><div><font face="monospace, monospace" size="1"> Session-ID-ctx:</font></div><div><font face="monospace, monospace" size="1"> Master-Key: 155BE3B00A85F909004AB1F8F7F8FC337DE87BF296CBF90EC68F0517D25AC075EA52DCC5EACCCD2D0706B6982210ADE8</font></div><div><font face="monospace, monospace" size="1"> Key-Arg : None</font></div><div><font face="monospace, monospace" size="1"> Krb5 Principal: None</font></div><div><font face="monospace, monospace" size="1"> PSK identity: None</font></div><div><font face="monospace, monospace" size="1"> PSK identity hint: None</font></div><div><font face="monospace, monospace" size="1"> TLS session ticket lifetime hint: 300 (seconds)</font></div><div><font face="monospace, monospace" size="1"> TLS session ticket:</font></div><div><font face="monospace, monospace" size="1"> 0000 - 9c f2 94 4d a2 11 1e 10-44 a7 55 ae 4b 2b e6 c1 ...M....D.U.K+..</font></div><div><font face="monospace, monospace" size="1"> 0010 - 4d e2 85 24 61 7c 9c 79-05 85 d3 28 cc f8 7a d1 M..$a|.y...(..z.</font></div><div><font face="monospace, monospace" size="1"> 0020 - 48 52 c3 56 02 86 61 f4-1e 09 42 d5 0a c9 f4 76 HR.V..a...B....v</font></div><div><font face="monospace, monospace" size="1"> 0030 - 78 73 0e 89 e6 0f 16 e3-8e b5 f2 53 65 45 45 8f xs.........SeEE.</font></div><div><font face="monospace, monospace" size="1"> 0040 - 43 40 a2 61 84 a1 bd af-54 4c 3f 6b c2 5c e7 66 C@.a....TL?k.\.f</font></div><div><font face="monospace, monospace" size="1"> 0050 - 56 95 5b c6 6d cc 0e 57-3a 92 50 85 3c f4 b5 94 V.[.m..W:.P.<...</font></div><div><font face="monospace, monospace" size="1"> 0060 - 46 84 06 6b 25 d4 ca a0-17 f6 40 1d 46 3d 68 26 F..k%.....@.F=h&</font></div><div><font face="monospace, monospace" size="1"> 0070 - f0 32 62 ff 1f e5 84 f6-c7 42 58 a3 2e df d1 a7 .2b......BX.....</font></div><div><font face="monospace, monospace" size="1"> 0080 - 2c fd 8c 4f 69 49 d1 67-a2 5e 23 4b 83 0b d1 0d ,..OiI.g.^#K....</font></div><div><font face="monospace, monospace" size="1"> 0090 - 8e 2a 0e f0 0a 35 cc 4c-5a 7e 41 08 e2 04 36 a8 .*...5.LZ~A...6.</font></div><div><font face="monospace, monospace" size="1"> 00a0 - f6 41 10 c9 6b 67 c0 df-0a 9e c5 e1 df 9e 2f f1 .A..kg......../.</font></div><div><font face="monospace, monospace" size="1"> 00b0 - 5b 2b a0 b5 f1 44 2c b5-d4 b8 ac 4d 71 4d e1 38 [+...D,....MqM.8</font></div><div><font face="monospace, monospace" size="1"> 00c0 - b0 db b9 30 11 48 d9 71-b1 c8 ed 59 e8 74 0e 5b ...0.H.q...Y.t.[</font></div><div><font face="monospace, monospace" size="1"> 00d0 - 8c fb 77 45 c1 d1 77 01-a4 13 41 9a 73 8c 86 4b ..wE..w...A.s..K</font></div><div><font face="monospace, monospace" size="1"> 00e0 - e1 04 ed 1b 09 1d ca 1d-fd 7a 54 02 c9 46 3c 3a .........zT..F<:</font></div><div><font face="monospace, monospace" size="1"> 00f0 - 92 af 83 f9 98 37 23 cb-95 ed 21 98 22 45 0c ca .....7#...!."E..</font></div><div><font face="monospace, monospace" size="1"> 0100 - c9 dc 27 82 c1 02 56 d2-f2 41 d0 a6 84 25 df 6c ..'...V..A...%.l</font></div><div><font face="monospace, monospace" size="1"> 0110 - bc 3d 24 7e bb a6 58 2c-a0 54 40 f0 73 dc 19 cf .=$~..X,.T@.s...</font></div><div><font face="monospace, monospace" size="1"> 0120 - a3 2e f8 ea bd e1 85 5b-d1 7c 0c a4 9d 57 40 d3 .......[.|...W@.</font></div><div><font face="monospace, monospace" size="1"> 0130 - 06 b5 1c bd 1b 5f 19 ae-c3 9f ee e7 97 4c 3b 4c ....._.......L;L</font></div><div><font face="monospace, monospace" size="1"> 0140 - 2d 31 fc 85 be b4 2e 0a-9a 75 63 60 b0 fe 02 67 -1.......uc`...g</font></div><div><font face="monospace, monospace" size="1"> 0150 - 7e 81 5e 5e b4 7c 15 c5-95 13 5f d9 8d de 03 54 ~.^^.|...._....T</font></div><div><font face="monospace, monospace" size="1"> 0160 - cc 02 6b 70 e2 91 5e eb-d5 ea 79 12 ca d8 90 44 ..kp..^...y....D</font></div><div><font face="monospace, monospace" size="1"> 0170 - e6 27 1e 5d 5a 6d 0f 2a-f7 bf 7e ff 5b 62 4e 23 .'.]Zm.*..~.[bN#</font></div><div><font face="monospace, monospace" size="1"> 0180 - 42 9d 4e 69 83 89 d6 6f-11 cf bd ab fb 9d ab 8b B.Ni...o........</font></div><div><font face="monospace, monospace" size="1"> 0190 - 44 88 bf e9 b7 d0 41 9a-33 a9 ab 2c d4 84 82 1c D.....A.3..,....</font></div><div><font face="monospace, monospace" size="1"> 01a0 - c5 2f 24 bb 0f 01 cd ad-af 18 57 bc 6d e2 ec cb ./$.......W.m...</font></div><div><font face="monospace, monospace" size="1"> 01b0 - 7a 3b db 1c 8b 4d fe 38-6d 10 12 ad a4 e1 f7 da z;...M.8m.......</font></div><div><font face="monospace, monospace" size="1"> 01c0 - 0a 61 cb da d9 89 85 2f-6b e6 ec 31 27 e3 04 96 .a...../k..1'...</font></div><div><font face="monospace, monospace" size="1"> 01d0 - 0d ad 65 2e 17 10 c9 ff-36 64 2c 9a b2 5c fe f1 ..e.....6d,..\..</font></div><div><font face="monospace, monospace" size="1"> 01e0 - 28 79 1d e7 f3 e9 92 f4-57 ea bd 27 e0 9c 7b bd (y......W..'..{.</font></div><div><font face="monospace, monospace" size="1"> 01f0 - c3 6a 08 f1 d4 70 19 81-43 9a 5b 9a 99 d0 ff 04 .j...p..C.[.....</font></div><div><font face="monospace, monospace" size="1"> 0200 - 3e d5 fe 36 df c6 71 cc-93 08 af ab f7 8d b0 30 >..6..q........0</font></div><div><font face="monospace, monospace" size="1"> 0210 - 39 d8 0b 26 a9 01 be c1-d9 1e d5 96 ae 4c 44 0b 9..&.........LD.</font></div><div><font face="monospace, monospace" size="1"> 0220 - 18 99 ee ab 20 ba 8c fc-9b 1e 49 9e c6 cd ce b9 .... .....I.....</font></div><div><font face="monospace, monospace" size="1"> 0230 - b9 23 5e 50 f2 8c e7 e8-21 ff cb 00 ea 4b fb 68 .#^P....!....K.h</font></div><div><font face="monospace, monospace" size="1"> 0240 - 20 75 3d 61 f7 d5 c1 77-f1 65 bb bf 8e ae c6 94 u=a...w.e......</font></div><div><font face="monospace, monospace" size="1"> 0250 - 6d cb 8d 50 02 7d 4d cb-32 f3 2a ce 2b e3 2a 5a m..P.}M.2.*.+.*Z</font></div><div><font face="monospace, monospace" size="1"> 0260 - 15 1b 54 3c ba a2 5c 3f-02 f8 1b e3 af 4f fa f9 ..T<..\?.....O..</font></div><div><font face="monospace, monospace" size="1"> 0270 - 5a 30 af 0e 01 af d6 f1-a6 8d eb b2 2b 04 59 88 Z0..........+.Y.</font></div><div><font face="monospace, monospace" size="1"> 0280 - 83 60 03 dd e5 b8 60 b2-f7 9f 7a e6 e7 ee b2 a1 .`....`...z.....</font></div><div><font face="monospace, monospace" size="1"> 0290 - 97 89 21 36 f3 e0 ae 27-39 1b 0b af 65 e8 0d 0e ..!6...'9...e...</font></div><div><font face="monospace, monospace" size="1"> 02a0 - 4b 23 f4 7a 9f e8 7b 18-d9 2c 69 da 2e 6e 9e 21 K#.z..{..,i..n.!</font></div><div><font face="monospace, monospace" size="1"> 02b0 - 6b ef a0 2e a8 ae 9e 96-1b 77 f1 ca 1c df a7 cc k........w......</font></div><div><font face="monospace, monospace" size="1"> 02c0 - 34 ee 34 7c 8f de 2c ab-06 29 75 8e 0c 6e d3 84 4.4|..,..)u..n..</font></div><div><font face="monospace, monospace" size="1"> 02d0 - 35 9f 85 69 99 84 7b 74-c4 09 40 57 61 1f ea 14 5..i..{t..@Wa...</font></div><div><font face="monospace, monospace" size="1"> 02e0 - ab a2 4c 5e f8 f1 a1 cb-d9 b8 ce 56 19 12 27 eb ..L^.......V..'.</font></div><div><font face="monospace, monospace" size="1"> 02f0 - 99 97 cb fe 6c a0 00 01-10 db d3 ab 38 1d de da ....l.......8...</font></div><div><font face="monospace, monospace" size="1"> 0300 - ed 4b fe c0 8a 80 ef 76-9d 62 d6 ff 9a 98 78 04 .K.....v.b....x.</font></div><div><font face="monospace, monospace" size="1"> 0310 - e6 14 66 42 1c 6e 4e c4-90 09 03 93 3b e5 87 fa ..fB.nN.....;...</font></div><div><font face="monospace, monospace" size="1"> 0320 - 54 cc 0f 34 68 ce b8 f8-68 ad 62 f7 07 7f 1f 62 T..4h...h.b....b</font></div><div><font face="monospace, monospace" size="1"> 0330 - 6b 63 ec b2 b9 40 a2 20-8f 10 d4 18 b9 e5 71 90 kc...@. ......q.</font></div><div><font face="monospace, monospace" size="1"> 0340 - f6 4c 31 e5 e0 68 3d 68-c1 18 2f 2a 48 4a 34 7f .L1..h=h../*HJ4.</font></div><div><font face="monospace, monospace" size="1"> 0350 - ff 08 3f 5a d0 72 dc 79-aa 86 c3 47 bd 07 15 ad ..?Z.r.y...G....</font></div><div><font face="monospace, monospace" size="1"> 0360 - d9 91 58 bf f4 c2 bc e4-7b dc 21 ff 6e 35 46 b0 ..X.....{.!.n5F.</font></div><div><font face="monospace, monospace" size="1"> 0370 - fe 16 e1 43 1b a8 c3 33-cb 03 2e 9a 86 85 71 7a ...C...3......qz</font></div><div><font face="monospace, monospace" size="1"> 0380 - af be 31 c2 6e 01 97 5c-74 9c ec 11 cc e9 94 3d ..1.n..\t......=</font></div><div><font face="monospace, monospace" size="1"> 0390 - c5 92 ee 45 ba 0d 41 a4-c3 55 9f dc cd d5 30 f7 ...E..A..U....0.</font></div><div><font face="monospace, monospace" size="1"> 03a0 - ba 78 41 3e b9 48 02 64-e8 cc 51 c9 20 00 13 1f .xA>.H.d..Q. ...</font></div><div><font face="monospace, monospace" size="1"> 03b0 - 17 b9 24 83 c0 ab 84 dd-8b e2 eb 84 6b e9 78 17 ..$.........k.x.</font></div><div><font face="monospace, monospace" size="1"> 03c0 - 0c 9d 78 17 a1 58 e6 09-9b ee 0e 3e 39 be 17 e1 ..x..X.....>9...</font></div><div><font face="monospace, monospace" size="1"> 03d0 - f2 d9 da c4 8f 45 07 91-6a 3c d4 ca 7b dc 6b 24 .....E..j<..{.k$</font></div><div><font face="monospace, monospace" size="1"> 03e0 - b2 03 92 1a ea 96 4f 85-67 4b a7 17 2b 61 c4 2a ......O.gK..+a.*</font></div><div><font face="monospace, monospace" size="1"> 03f0 - c4 87 32 fd b1 41 36 6e-e0 f3 cc 92 00 5b 54 19 ..2..A6n.....[T.</font></div><div><font face="monospace, monospace" size="1"> 0400 - 72 3a 73 dd 2e b4 6f 22-42 4f 27 42 f5 ec f5 0f r:s...o"BO'B....</font></div><div><font face="monospace, monospace" size="1"> 0410 - b4 0a 16 58 60 55 81 18-ea 10 9b 0a 67 80 34 1f ...X`U......g.4.</font></div><div><font face="monospace, monospace" size="1"> 0420 - b1 e1 69 40 e1 b5 a2 c6-d5 49 7c b9 e8 9e 1a 48 ..i@.....I|....H</font></div><div><font face="monospace, monospace" size="1"> 0430 - 0b 43 36 30 28 24 fa c3-33 b2 80 94 16 6f 87 66 .C60($..3....o.f</font></div><div><font face="monospace, monospace" size="1"> 0440 - ae dc 74 44 f6 9a 65 95-11 ab 05 e9 2b b5 cc 23 ..tD..e.....+..#</font></div><div><font face="monospace, monospace" size="1"> 0450 - 0a 84 56 d0 b3 14 ce d1-2f 24 e6 6c da 7c 25 bd ..V...../$.l.|%.</font></div><div><font face="monospace, monospace" size="1"> 0460 - f0 7d 64 07 69 f5 20 a4-d1 1e 3f 1c 83 41 2f 23 .}d.i. ...?..A/#</font></div><div><font face="monospace, monospace" size="1"> 0470 - 09 fd 8b 38 43 d7 8a 0d-b9 58 ba 41 7b 66 9d 5c ...8C....X.A{f.\</font></div><div><font face="monospace, monospace" size="1"> 0480 - 2e 25 6a 13 8a 68 6c d0-09 61 73 9c 38 87 9e 5d .%j..hl..as.8..]</font></div><div><font face="monospace, monospace" size="1"> 0490 - 17 b6 da 9c 31 ec 0b f8-f4 3b 62 1e a5 7a fb ee ....1....;b..z..</font></div><div><font face="monospace, monospace" size="1"> 04a0 - 7d 3e 72 f6 4d 1d 76 fa-cf 6f f2 b5 82 62 e1 af }>r.M.v..o...b..</font></div><div><font face="monospace, monospace" size="1"> 04b0 - d4 c4 a3 d6 48 c9 22 13-d4 26 bc ba 2b 76 ab 0a ....H."..&..+v..</font></div><div><font face="monospace, monospace" size="1"> 04c0 - 89 e6 ca fb 26 84 0e 95-89 26 d3 7a ea d9 6d 97 ....&....&.z..m.</font></div><div><font face="monospace, monospace" size="1"> 04d0 - 50 86 cd 13 b4 70 ad f2-fe 79 4a 05 f7 69 a4 b8 P....p...yJ..i..</font></div><div><font face="monospace, monospace" size="1"> 04e0 - 9e 87 ba 2d e9 6f 01 ce-dc 09 28 b3 09 ff 64 a0 ...-.o....(...d.</font></div><div><font face="monospace, monospace" size="1"> 04f0 - 5d 64 19 66 cb 7d 5b f0-2b a2 c3 b2 de 09 ef f0 ]d.f.}[.+.......</font></div><div><font face="monospace, monospace" size="1"> 0500 - 7c 60 fa a8 cb e6 b5 fa-31 d5 0a a4 81 72 f0 a2 |`......1....r..</font></div><div><font face="monospace, monospace" size="1"> 0510 - 73 31 48 15 91 6b 66 32-6e 90 86 2c f9 00 45 7b s1H..kf2n..,..E{</font></div><div><font face="monospace, monospace" size="1"> 0520 - e0 47 3c 6e 48 d4 20 09-b8 00 c4 08 a6 d8 1c c7 .G<nH. .........</font></div><div><font face="monospace, monospace" size="1"> 0530 - 00 02 8f ac 10 56 f6 98-24 b1 e5 1e d9 83 99 20 .....V..$......</font></div><div><font face="monospace, monospace" size="1"> 0540 - d9 f3 da bc 74 e9 03 a9-59 cb 72 da 7c 77 e5 d1 ....t...Y.r.|w..</font></div><div><font face="monospace, monospace" size="1"> 0550 - bc fb 61 ca 15 ea 05 9a-b9 94 db 32 37 93 fb 6e ..a........27..n</font></div><div><font face="monospace, monospace" size="1"> 0560 - 0d 94 e4 09 53 b8 c8 70-89 81 40 36 8b 0f 3b 35 ....S..p..@6..;5</font></div><div><font face="monospace, monospace" size="1"> 0570 - 31 cf 1e 1f 8f 3f a6 88-e7 62 40 0f 33 3c 91 7f 1....?...b@.3<..</font></div><div><font face="monospace, monospace" size="1"> 0580 - 4a aa 2e 39 86 53 90 7a-95 e2 cb 2e 36 1e a0 c7 J..9.S.z....6...</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"> Start Time: 1452397215</font></div><div><font face="monospace, monospace" size="1"> Timeout : 300 (sec)</font></div><div><font face="monospace, monospace" size="1"> Verify return code: 0 (ok)</font></div><div><font face="monospace, monospace" size="1">---</font></div></div><div><br></div><div>So my guess at this point is that either TLS distribution is broken, or there's something that it doesn't like about my certificate.</div><div><br></div><div>Is it doing some weird hostname checking against the CN (or is there some rule for CN naming that needs to be followed?).</div><div><br></div><div>I've tried a slew of permutations of -inet_dist_op (concatenating cert/key, session renegotiate, verify, etc...) to no avail.</div><div><br></div><div>Someone please let me know what I've missed or if there is better documentation somewhere that will highlight what I've been doing wrong.</div><div><br></div><div>Regards,</div><div><br></div><div><div><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small">Mark Steele</div><div style="font-size:small">CISSP, GPEN, GCIA, CSM</div><div style="font-size:small"><a href="mailto:mark@control-alt-del.org" target="_blank">mark@control-alt-del.org</a><br></div><div style="font-size:small"><br></div><div><font size="2">LinkedIn: <a href="https://ca.linkedin.com/in/markrsteele" target="_blank">https://ca.linkedin.com/in/markrsteele</a></font><br></div><div style="font-size:small">Github: <a href="https://github.com/marksteele" target="_blank">https://github.com/marksteele</a></div><div><font size="2">Personal: <a href="http://www.control-alt-del.org" target="_blank">http://www.control-alt-del.org</a></font></div><div style="font-size:small"></div></div></div></div></div></div>
</div></div>