> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote: > > Client objects to the server chain. Either does not trust the MiTM root CA, or > is unhappy about its encoding (assuming tshark is not generating an FP warning). > > Thank you! So it is the *client* that breaks the connection, and it is unhappy either about MiTM, or the encoding. I will check for both (though not much I can do about either). Well, if there is not facility to configure the client's trusted root CAs, then of course it won't trust the MiTM root cert. Presumably you've added that cert to some trust store on the system in question. The support staff for the product should be able to tell you how to configure trusted TLS CAs, if these are configurable. If the product is not using OpenSSL, this question really is off topic for this list. If it is using OpenSSL, there may be some place where it looks for its CAfile or some CApath directory. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
