Re: [CalendarServer-users] SSL with caldavd

Hi, I'm unsure which of your file names mean which things, but we expect the file referenced by SSLAuthorityChain to contain a concatenation of the following, in this order: server cert intermediate CA certs root CA cert -dre

On Mar 28, 2016, at 12:41 AM, Gaurav Jain <monkeyfdude@gmail.com> wrote:

I have also explained the problem at

http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-... <http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed>

Please help.

On Sun, Mar 27, 2016 at 8:05 PM, Gaurav Jain <monkeyfdude@gmail.com <mailto:monkeyfdude@gmail.com>> wrote: Without Intermediate Certs, I get <!-- SSL authority chain (for intermediate certs) -->

<key>SSLAuthorityChain</key>

<string></string>

41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:

------------------------------------------------ Different Error -------------------------------- With Intermediate Certs:

<!-- SSL authority chain (for intermediate certs) -->

<key>SSLAuthorityChain</key>

<string>/etc/ssl/myProject/PositiveSSL.ca-bundle</string>

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

On Sun, Mar 27, 2016 at 7:12 PM, Gaurav Jain <monkeyfdude@gmail.com <mailto:monkeyfdude@gmail.com>> wrote: Hi,

Thank you for creating caldavd.

I try to configure SSL with Caldavd. I am having issues configuring SSLAuthortiyChain.

I use positive SSL which gave following file for intermediate chain

AddTrustExternalCARoot.crt

COMODORSAAddTrustCA.crt

COMODORSADomainValidationSecureServerCA.crt

I created a file PositiveSSL.ca-bundle

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > PositiveSSL.ca-bundle

<!-- SSL authority chain (for intermediate certs) -->

<key>SSLAuthorityChain</key>

<string>/etc/ssl/myProject/PositiveSSL.ca-bundle</string>

But I get "HandShake Failed" error.

openssl s_client -connect example.com:8443 <http://example.com:8443/> -CAfile ~/ssl/comodo/PositiveSSL.ca-bundle

CONNECTED(00000003)

41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:

Would you be able to point me to issue?

_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendarserver-users