[CalendarServer-users] SSL with caldavd
Gaurav Jain
monkeyfdude at gmail.com
Mon Mar 28 18:30:27 PDT 2016
Thanks for the reply. I will try and update again.
On Mon, Mar 28, 2016 at 11:16 AM, Andre LaBranche <dre at apple.com> wrote:
> Hi,
>
> I'm unsure which of your file names mean which things, but we expect the
> file referenced by SSLAuthorityChain to contain a concatenation of the
> following, in this order:
>
> server cert
> intermediate CA certs
> root CA cert
>
> -dre
>
> On Mar 28, 2016, at 12:41 AM, Gaurav Jain <monkeyfdude at gmail.com> wrote:
>
> I have also explained the problem at
>
>
> http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed
>
> Please help.
>
>
> On Sun, Mar 27, 2016 at 8:05 PM, Gaurav Jain <monkeyfdude at gmail.com>
> wrote:
>
>> Without Intermediate Certs, I get
>>
>> <!-- SSL authority chain (for intermediate certs) -->
>>
>> <key>SSLAuthorityChain</key>
>>
>> * <string></string>*
>>
>> 41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
>> handshake
>> failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:
>> ------------------------------------------------ Different Error
>> --------------------------------
>>
>> With Intermediate Certs:
>>
>> <!-- SSL authority chain (for intermediate certs) -->
>>
>> <key>SSLAuthorityChain</key>
>>
>> * <string>/etc/ssl/myProject/PositiveSSL.ca
>> <http://positivessl.ca>-bundle</string>*
>>
>> java.security.cert.CertPathValidatorException: Trust anchor for
>> certification path not found.
>>
>> On Sun, Mar 27, 2016 at 7:12 PM, Gaurav Jain <monkeyfdude at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Thank you for creating caldavd.
>>>
>>> I try to configure SSL with Caldavd. I am having issues configuring
>>> SSLAuthortiyChain.
>>>
>>> I use positive SSL which gave following file for intermediate chain
>>>
>>> AddTrustExternalCARoot.crt
>>>
>>> COMODORSAAddTrustCA.crt
>>>
>>> COMODORSADomainValidationSecureServerCA.crt
>>>
>>>
>>> I created a file PositiveSSL.ca <http://positivessl.ca>-bundle
>>>
>>> cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt
>>> AddTrustExternalCARoot.crt > PositiveSSL.ca
>>> <http://positivessl.ca>-bundle
>>>
>>>
>>> <!-- SSL authority chain (for intermediate certs) -->
>>>
>>> <key>SSLAuthorityChain</key>
>>>
>>> <string>/etc/ssl/myProject/PositiveSSL.ca <http://positivessl.ca>
>>> -bundle</string>
>>>
>>>
>>> But I get "HandShake Failed" error.
>>>
>>> openssl s_client -connect example.com:8443 -CAfile ~/ssl/comodo/
>>> PositiveSSL.ca <http://positivessl.ca>-bundle
>>>
>>> CONNECTED(00000003)
>>>
>>> 41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
>>> handshake
>>> failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:
>>>
>>>
>>> Would you be able to point me to issue?
>>>
>>
>>
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/calendarserver-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20160328/43d0f146/attachment.html>
More information about the calendarserver-users
mailing list