← Back to team overview

rohc team mailing list archive

Re: IPROHC certificate cannot be verified

 

Hello,

> > Thank you for the details. Please find the below information,
> > attached CA certificates(client and server) and suggest me further.
> > CA password is test.
> 
> OK, I reproduced the problem with:
>  * IP/ROHC 0.7.1
>  * ROHC 1.7.1
>  * GnuTLS 3.3.17
> 
> I'm analyzing the problem.

I also reproduced the problem with the dev branch. The problem is
located in the certificates. They look to be signed by the same CA,
but they are definitely not.

The two CAs got the same subject:
/C=US/ST=Texas/O=My Company/CN=MyCompany/emailAddress=mycompany@xxxxxxxxxxx

But they got different characteristics, eg. serial numbers, validity
start/end dates, public keys... So, CAs are different. That's why the
server does not recognize the client. Same thing for client with server.

I have just updated the instructions on the wiki (to try) to be clearer
(let me know if they are clearer or not):
https://rohc-lib.org/wiki/doku.php?id=iprohc-run&#create_certificates 

Please regenerate your CA, your server's certificate and your client's
certificate. Be sure to perform all 3 on the same machine and in the
same directory. The CA part _must_ be performed _only once_.

Regards,
Didier

Attachment: signature.asc
Description: PGP signature


Follow ups

References