SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

john lists.john at gmail.com
Tue Jun 16 05:16:19 CEST 2009


For the sake of posterity (e.g. future searches on this topic), the
stanzas that Ivan replaced in the Makefile, used to create working
client.p12 files under Windows XP SP3, are:


# Private key and certificate signing request for the client
client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

# Sign the request with the CA key, adding the xpclient_ext section
# from the xpextensions file
client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

# Bundle certificate and key as PKCS#12 for import into Windows
client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

# PEM copy of the bundle, also saved under the user's name
client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

# Check that the client certificate chains to the CA
.PHONY: client.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem



>
> The makefile you sent me allowed me to generate a correct client.p12
> which cleared up the error reported by Windows. Thanks very much. So
> it looks like Windows may prefer personal certs signed by the CA
> rather than the server? I can successfully use the client cert with the
> "Smart Card or other Certificate" options on Windows XP/SP3 (which
> uses EAP-TLS I believe).
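
Added example, not part of the original post or of the FreeRADIUS Makefile: a shell check for the two properties this thread turns on, namely that the client certificate is issued directly by the CA and that it carries the client-authentication extended key usage. The demo.cnf contents, the file names and the make_demo helper are constructed for illustration, and the xpclient_ext value shown (the clientAuth OID) is an assumption, since the post does not include the xpextensions file.

```shell
#!/bin/sh
# check_client_cert CA_PEM CERT_PEM
# Succeeds only if CERT_PEM chains directly to CA_PEM as a TLS client
# certificate and explicitly carries the clientAuth extended key usage.
check_client_cert() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -text | grep -q 'TLS Web Client Authentication'
}

# make_demo DIR: build constructed, throwaway test certificates in DIR.
make_demo() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
[xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
EOF
    newkey() {  # newkey NAME CN -> NAME.key and NAME.csr
        openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
            -keyout "$d/$1.key" -out "$d/$1.csr" -subj "/CN=$2" 2>/dev/null
    }
    sign() {    # sign CSR_NAME ISSUER_CERT ISSUER_KEY OUT SERIAL [x509 options]
        csr=$1 ic=$2 ik=$3 out=$4 sn=$5; shift 5
        openssl x509 -req -in "$d/$csr.csr" -CA "$d/$ic" -CAkey "$d/$ik" \
            -set_serial "$sn" -days 2 -out "$d/$out" "$@" 2>/dev/null
    }
    # Self-signed demo CA
    openssl req -x509 -config "$d/demo.cnf" -extensions ca_ext -newkey rsa:2048 \
        -nodes -keyout "$d/ca.key" -out "$d/ca.pem" -subj "/CN=Demo CA" \
        -days 2 2>/dev/null
    newkey server demo-server
    sign server ca.pem ca.key server.crt 1
    newkey client demo-user
    # good: CA-signed with the EKU; noeku: CA-signed without it;
    # byserver: has the EKU but is signed by the server certificate
    sign client ca.pem ca.key good.crt 2 -extfile "$d/demo.cnf" -extensions xpclient_ext
    sign client ca.pem ca.key noeku.crt 3
    sign client server.crt server.key byserver.crt 4 -extfile "$d/demo.cnf" -extensions xpclient_ext
}
# Usage: check_client_cert ca.pem client.crt && echo "client cert OK"
```

The explicit grep is needed because openssl verify -purpose sslclient also accepts a certificate that has no extended key usage extension at all.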


