Hi Guys
I'm trying to create a client side certificate PKI infrastructure using Ruby.
On the server side I got this logic:
    ss_ssl_context = OpenSSL::SSL::SSLContext.new
    flags = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
    ss_ssl_context.verify_mode = flags
    ss_ssl_context.verify_depth = 2
I also load the Certificate store like that:
    cert_store = OpenSSL::X509::Store.new
    cert_store.set_default_paths
(1) I generated a CA authority certificate, imported it to the client's trusted root, and to the server's /etc/ssl/certs/
(2) I generated server and client side certificates and imported the Client side to the browser.
(3) I load the certs to the context.
(4) When connecting to the server I get a prompt for choosing a certificate (this is good) Yay
(5) I choose the certificate from the list but instead of being allowed access I get this:
<img src="//cdck-file-uploads-global.s3.dualstack.us-west-2.amazonaws.com/flex029/uploads/rubytalk/original/2X/3/3ef660c9abe150a73f3d311cf1a3043930731ed4.png" alt="">
(6) Doing a manual cert_store.verify on the client's certificate returns => true, which means that I do have a correct CA.
(7) Help :)
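
Added example, not part of the original post and not the poster's code: a self-contained Ruby sketch of the setup described in steps (1) to (6), using a throwaway in-memory CA instead of /etc/ssl/certs/. The helper names (`issue_cert`, `client_auth_context`, `demo`) and all subject names are constructed for illustration. It shows the store being attached to the context with `cert_store=`, since a handshake verifies against the context's own store, while a manual `Store#verify` only tests the store object it is called on.

```ruby
require "openssl"

# Issue a short-lived certificate; self-signed when no issuer is given.
# All names and keys here are constructed test values.
def issue_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                      # X.509 v3, needed for extensions
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Server-side context that requires a client certificate chaining to ca_cert.
def client_auth_context(ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)   # the post uses set_default_paths instead
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER |
                    OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  ctx.verify_depth = 2
  ctx.cert_store = store    # the handshake verifies against this store
  ctx
end

# Build a constructed CA, one client cert it signed, and one it did not.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert("/CN=Example Test CA", ca_key, ca: true)
  client = issue_cert("/CN=client", OpenSSL::PKey::RSA.new(2048),
                      issuer: ca, issuer_key: ca_key)
  other_key = OpenSSL::PKey::RSA.new(2048)
  other_ca = issue_cert("/CN=Other CA", other_key, ca: true)
  stranger = issue_cert("/CN=stranger", OpenSSL::PKey::RSA.new(2048),
                        issuer: other_ca, issuer_key: other_key)
  ctx = client_auth_context(ca)
  { trusted: ctx.cert_store.verify(client),
    untrusted: ctx.cert_store.verify(stranger) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Running the same `verify` call against `ss_ssl_context.cert_store` rather than a standalone store checks what the handshake will actually use.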