openssl x509 -noout -text -in clientcertificate.pem You may need to extract the client certificate from wireshark, but you could also get it from openssl s_server. Specifically, that error message is suggesting that there's a message digest encoded into the certificate which is unknown to the trust path. Chances are, it's probably MD5. MD5 was broken a long time ago, and is no longer trustworthy. (SHA1 is also a possibility, but it was made unacceptable a lot more recently.) -Kyle H On Tue, Sep 26, 2017 at 8:56 AM, Stuart Marsden <stuart@xxxxxxxxxxxx> wrote: > Sorry how can I tell ? > > I can run a wireshark if necessary > > thanks > > >> On 26 Sep 2017, at 16:36, Wouter Verhelst <wouter.verhelst@xxxxxxxxx> wrote: >> >> On 26-09-17 17:26, Stuart Marsden wrote: >>> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm >> >> So which message digest algorithm is the client trying to use? >> >> -- >> Wouter Verhelst >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
