Should the common name be different in server and client?
Posted: Mon Dec 22, 2014 5:27 am
HI,
I though the the KEY_CN should be unique, so I gemerated both server and client certificates signed locally using different CN serve and client:
pkitool --sign "local" server
pkitool --sign "local" client
The certificate parameters between the server and client are the same except the CN, but I got TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Dec 22 05:22:20 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Dec 22 05:22:20 2014 TLS Error: TLS handshake failed
What could I be missing here?
Thank you.
- j
I though the the KEY_CN should be unique, so I gemerated both server and client certificates signed locally using different CN serve and client:
pkitool --sign "local" server
pkitool --sign "local" client
The certificate parameters between the server and client are the same except the CN, but I got TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Dec 22 05:22:20 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Dec 22 05:22:20 2014 TLS Error: TLS handshake failed
What could I be missing here?
Thank you.
- j
