[CalendarServer-users] SSL with caldavd

Andre LaBranche dre at apple.com
Mon Mar 28 11:16:20 PDT 2016


Hi,

I'm unsure which of your file names mean which things, but we expect the file referenced by SSLAuthorityChain to contain a concatenation of the following, in this order:

server cert
intermediate CA certs
root CA cert

-dre

> On Mar 28, 2016, at 12:41 AM, Gaurav Jain <monkeyfdude at gmail.com> wrote:
> 
> I have also explained the problem at
> 
> http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed <http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed>
> 
> Please help.
> 
> 
> On Sun, Mar 27, 2016 at 8:05 PM, Gaurav Jain <monkeyfdude at gmail.com <mailto:monkeyfdude at gmail.com>> wrote:
> Without Intermediate Certs, I get
> <!-- SSL authority chain (for intermediate certs) -->
> 
>     <key>SSLAuthorityChain</key>
> 
> 
>     <string></string>
> 
> 41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:
> 
> ------------------------------------------------ Different Error --------------------------------
> With Intermediate Certs:
> 
> <!-- SSL authority chain (for intermediate certs) -->
> 
>     <key>SSLAuthorityChain</key>
> 
> 
>     <string>/etc/ssl/myProject/PositiveSSL.ca-bundle</string>
> 
> 
> java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
> 
> On Sun, Mar 27, 2016 at 7:12 PM, Gaurav Jain <monkeyfdude at gmail.com <mailto:monkeyfdude at gmail.com>> wrote:
> Hi,
> 
> Thank you for creating caldavd.
> 
> I try to configure SSL with Caldavd. I am having issues configuring SSLAuthortiyChain.
> 
> I use positive SSL which gave following file for intermediate chain
> 
> AddTrustExternalCARoot.crt                 
> 
> COMODORSAAddTrustCA.crt                      
> 
> COMODORSADomainValidationSecureServerCA.crt
> 
> 
> 
> I created a file PositiveSSL.ca-bundle 
> 
> cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt  AddTrustExternalCARoot.crt      > PositiveSSL.ca-bundle 
> 
> 
> 
>     <!-- SSL authority chain (for intermediate certs) -->
> 
>     <key>SSLAuthorityChain</key>
> 
> 
>     <string>/etc/ssl/myProject/PositiveSSL.ca-bundle</string>
> 
> 
> 
> But I get "HandShake Failed" error.
> 
> openssl s_client -connect example.com:8443 <http://example.com:8443/> -CAfile ~/ssl/comodo/PositiveSSL.ca-bundle 
> 
> CONNECTED(00000003)
> 
> 
> 41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:
> 
> 
> 
> Would you be able to point me to issue?
> 
> 
> 
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/calendarserver-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20160328/ce7736e5/attachment.html>


More information about the calendarserver-users mailing list