Verifying server certificate failed?!

Sven Geggus lists at
Thu Mar 15 16:19:08 CET 2012

Richard Moore <rich at> wrote:

> Your chain file includes the root certificate as well as the
> intermediate certificate. You should not be transmitting that one

There has been one unrelated certificate (the one for the User CA) in the
chain which caused the problem. Sending the root cert is probably tolerated.
I did not check this.

What I have now is the following:
SSLCertificateChainFile /path/to/file/with/all/intermediate/certs
SSLCACertificateFile  /path/to/file/with/all/certs/including/root

Anything else causes trouble. My first try has been to put all certificates
into one file and point SSLCertificateChainFile and SSLCACertificateFile
to this file.

So I definitely think gnutls should be more tolerant about certificates
which are not in use but provided anyway.



"In my opinion MS is a lot better at making money than it is at making good
operating systems" (Linus Torvalds, August 1997)

/me is giggls at ircnet, on the Web

More information about the Gnutls-help mailing list