[gnutls-help] Unable to do handshake in gnutls using x509 certificate

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 22 22:56:19 CEST 2015


On Thu 2015-05-21 03:03:29 -0400, Shruti Patil wrote:
> This is Shruti here, I am facing some issue in handshaking between server
> and client... I have generated cert.pem key.pem crl.pem using
> certtool..

You haven't mentioned how you generated these files specifically.

> I am trying with the following sample code :
>
> http://www.gnutls.org/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support
>
> http://www.gnutls.org/manual/html_node/Echo-server-with-X_002e509-authentication.html#Echo-server-with-X_002e509-authentication
>
>
> When I execute the above server and client code it displays the following
> message:
>
> "Handshake failed
> GnuTLS error: Error in the certificate.
> The certificate is NOT trusted. The certificate issuer is unknown. The name
> in the certificate does not match the expected "

It sounds to me like the client does not know about the server's
certificate, and so it is rejecting the connection.

If you make sure that the server's certificate was issued by a CA that
the client knows about and trusts, that should be sufficient.

What CAs does the client know about?

    --dkg


