<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">I'm unsure which of your file names mean which things, but we expect the file referenced by SSLAuthorityChain to contain a concatenation of the following, in this order:</div><div class=""><br class=""></div><div class="">server cert</div><div class="">intermediate CA certs</div><div class="">root CA cert</div><div class=""><br class=""></div><div class="">-dre</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 28, 2016, at 12:41 AM, Gaurav Jain <<a href="mailto:monkeyfdude@gmail.com" class="">monkeyfdude@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I have also explained the problem at<div class=""><br class=""></div><div class=""><a href="http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed" class="">http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed</a><br class=""></div><div class=""><br class=""></div><div class="">Please help.</div><div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sun, Mar 27, 2016 at 8:05 PM, Gaurav Jain <span dir="ltr" class=""><<a href="mailto:monkeyfdude@gmail.com" target="_blank" class="">monkeyfdude@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="">Without Intermediate Certs, I get</div><div class=""><span class=""><p style="font-size:12.8px" class=""><!-- SSL authority chain (for intermediate certs) --></p><p style="font-size:12.8px" class=""> <key>SSLAuthorityChain</key></p><div style="font-size: 12.8px;" class=""><br class="webkit-block-placeholder"></div></span><p style="font-size:12.8px" class=""><b class=""> <string></string></b></p><span class=""><p style="font-size:12.8px" class=""><span style="background-color:rgb(255,0,0)" class="">41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:</span></p></span></div><div class="">------------------------------------------------ Different Error --------------------------------</div><div class=""><p style="font-size:12.8px" class="">With Intermediate Certs:</p><span class=""><p style="font-size:12.8px" class=""><!-- SSL authority chain (for intermediate certs) --></p><p style="font-size:12.8px" class=""> <key>SSLAuthorityChain</key></p><div style="font-size: 12.8px;" class=""><br class="webkit-block-placeholder"></div><p style="font-size:12.8px" class=""><b class=""> <string>/etc/ssl/myProject/<a href="http://positivessl.ca" class="">PositiveSSL.ca</a>-bundle</string></b></p></span></div><div class=""><br class=""></div><span style="background-color:rgb(255,0,0)" class="">java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.</span><br class=""></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sun, Mar 27, 2016 at 7:12 PM, Gaurav Jain <span dir="ltr" class=""><<a href="mailto:monkeyfdude@gmail.com" target="_blank" class="">monkeyfdude@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class="">Thank you for creating caldavd.</div><div class=""><br class=""></div><div class="">I try to configure SSL with Caldavd. I am having issues configuring SSLAuthortiyChain.</div><div class=""><br class=""></div><div class="">I use positive SSL which gave following file for intermediate chain</div><div class=""><br class=""></div><div class=""><p class=""><span class="">AddTrustExternalCARoot.crt </span></p><p class="">COMODORSAAddTrustCA.crt </p><p class=""><span class="">COMODORSADomainValidationSecureServerCA.crt</span></p><p class=""><span class=""><br class=""></span></p><p class=""><span class="">I created a file </span><a href="http://positivessl.ca" class="">PositiveSSL.ca</a>-bundle </p><p class="">cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > <a href="http://positivessl.ca" class="">PositiveSSL.ca</a>-bundle </p><p class=""><br class=""></p><p class=""><span class=""> </span><span class=""><!-- SSL authority chain (for intermediate certs) --></span></p><p class=""><span class=""> </span><span class=""><key></span><span class="">SSLAuthorityChain</span><span class=""></key></span></p><div class="">
<br class="webkit-block-placeholder"></div><p class=""><span class=""> </span><span class=""><string></span><span class="">/etc/ssl/myProject/<a href="http://positivessl.ca" class="">PositiveSSL.ca</a>-bundle</span><span class=""></string></span></p><p class=""><span class=""><br class=""></span></p><p class="">But I get "HandShake Failed" error.</p><p class=""><span class="">openssl s_client -connect <a href="http://example.com:8443/" target="_blank" class="">example.com:8443</a> -CAfile ~/ssl/comodo/<a href="http://positivessl.ca" class="">PositiveSSL.ca</a>-bundle </span></p><p class=""><span class="">CONNECTED(00000003)</span></p><div class="">
<br class="webkit-block-placeholder"></div><p class=""><span class="">41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:</span></p><p class=""><span class=""><br class=""></span></p><p class=""><span class="">Would you be able to point me to issue?</span></p></div></div>
</blockquote></div><br class=""></div>
</div></div></blockquote></div><br class=""></div>
_______________________________________________<br class="">calendarserver-users mailing list<br class=""><a href="mailto:calendarserver-users@lists.macosforge.org" class="">calendarserver-users@lists.macosforge.org</a><br class="">https://lists.macosforge.org/mailman/listinfo/calendarserver-users<br class=""></div></blockquote></div><br class=""></div></body></html>