> When I tested a remote server using s_client, it responded with: > > verify return:1 > > 139790582232992:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 > alert unsupported certificate:s3_pkt.c:1259:SSL alert number 43 > > 139790582232992:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl > handshake failure:s3_pkt.c:598: > > > I found the the following URL about this: > > http://stackoverflow.com/questions/14435839/ssl-alert-43-when-doing-client-authentication-in-ssl?answertab=oldest#tab-top > > My question: Does this indicate something wrong with server side > certificate like the URL said? Netscape Cert Type was recently removed, IIRC. OpenSSL servers [used to?] have a bug where they can't use the EC key pair they generated for use with an EC-based certificate. Also see http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves. Post the certificate. Use `openssl s_client -connect <hostname>:<port> -tls1 -servername <hostname> | openssl x509 -text -noout` Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
