Hello, OpenSSL experts !
We need your help in better understanding a below behavior -
We are experiencing issue during the initial TLS handshake :
We have the customer-issued TLS certificate that we deploy on our TLS client system
The certs have been generated with a CSR that was generated on customer’s FIPS compliant server
The CSR was then signed by CA hosted on SMGR
During the endpoint registration with the server we have an endpoint initiated TLS handshake – during that handshake the TLS server requests the client Certificate but our TLS client responds with the Certificates Length 0 that causes the TLS server to respond with the Handshake Failure.
The Google search gives some generic ideas on why that might be happening – something along the following lines - that could be happening in case the client’s certificate does not match the server certificate – for example, due to a signing authority mismatch, or due to the encryption cipher type mismatch, or maybe due to some other factors.
Could you please help us in better understanding this issue – what else could be wrong or missing in the Server and Client certificates ?
Thanks,
Vladimir Bashin
Hello Vladimir,
It's worth trying to reproduce the situation using openssl s_client/s_server command-line apps.
On Fri, Feb 7, 2020 at 9:25 PM Bashin, Vladimir <vbashin@xxxxxxxxxxx> wrote:
SY, Dmitry Belyavsky
