TLS1.2 via SChannel: Server providing certificates instead of issuers

During the TLS1.2 handshake I obtain from the server a list of trusted certificates. I assume these should be the issuers that the server trusts. OpenSSL calls them "Acceptable client certificate CA names", so these are certificate issuers!? However, the name of my client certificate is in there, but not the client certificate's issuer name. (For OpenSSL, that seems to be fine.)

Is that a mistake in the server's implementation?

Is there a way using schannel (e.g. via cURL under Windows, but also .NET) to still provide my certificate? As I understand schannel, it realizes that the issuer of my certificate is not listed there, so it does not use that certificate. Hence, the handshake fails. Can one force schannel to use a specific certificate even though the issuer is not listed?

Edit 1: To clarify, I just want to talk to the server, which is not under my control. My client implementation should be based on C#/.NET and ideally schannel; thus, I'm testing up to now with cURL (schannel). The server unfortunately has to be considered an (unknown) constant.

Thanks!

jonathan

Posted 2018-04-21T18:31:46.867

Reputation: 1

Can you clarify which side is using what implementation? (In particular what library and what software is the TLS server using?) – user1686 – 2018-04-21T19:13:59.443

I actually don't know. I'm not responsible for the server. I edited my message. – jonathan – 2018-04-21T19:19:59.063

In the end, the server administrator realized his mistake and included the issuer certificate as well. – jonathan – 2018-04-28T17:33:30.480

No answers
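
A diagnostic for the mismatch described in the question, as an added example that is not part of the original post: it parses the body of a TLS 1.2 CertificateRequest (RFC 5246, section 7.4.4) and reports whether the `certificate_authorities` list names the client certificate's issuer or only its subject. The sample names, the helper functions and the byte-exact DER comparison against a single issuer are assumptions made for illustration; the request bodies are constructed, not captured from the server in question.

```python
import struct

CN_OID = b"\x55\x04\x03"  # 2.5.4.3 commonName

def der(tag, content):
    # Minimal DER TLV for the constructed samples only (content < 128 bytes).
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

def cn_name(cn):
    # Name ::= SEQUENCE OF RDN; RDN ::= SET OF SEQUENCE { OID, UTF8String }
    atv = der(0x30, der(0x06, CN_OID) + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))

def build_sample_request(names):
    # Constructed body: certificate_types = [rsa_sign], one sig alg (sha256, rsa).
    cas = b"".join(struct.pack("!H", len(n)) + n for n in names)
    return b"\x01\x01" + b"\x00\x02\x04\x01" + struct.pack("!H", len(cas)) + cas

def parse_certificate_request(body):
    """Split a TLS 1.2 CertificateRequest body (RFC 5246, 7.4.4) into its fields."""
    pos = 1 + body[0]
    cert_types = list(body[1:pos])
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    sig_algs = [(body[i], body[i + 1]) for i in range(pos, pos + n, 2)]
    pos += n
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if pos + n != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < len(body):
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + dn_len > len(body):
            raise ValueError("truncated DistinguishedName")
        names.append(body[pos:pos + dn_len])
        pos += dn_len
    return cert_types, sig_algs, names

def classify(body, subject_dn, issuer_dn):
    names = parse_certificate_request(body)[2]
    if not names:
        return "empty-list"  # RFC 5246: client may send any suitable certificate
    if issuer_dn in names:
        return "issuer-listed"
    return "subject-listed-only" if subject_dn in names else "not-listed"

SUBJECT = cn_name("client.example")      # constructed client certificate subject
ISSUER = cn_name("Example Issuing CA")   # constructed issuer of that certificate
```

With the constructed names, a request listing only `SUBJECT` classifies as `subject-listed-only`, which is the situation the question describes; a request listing both, as after the server-side fix mentioned in the last comment, classifies as `issuer-listed`.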