add some debug info

2012-04-16 20:43:01 +01:00 · 2012-04-16 20:43:01 +01:00 · bf2f276c0c
commit bf2f276c0c
parent 0871e47909
1 changed files with 20 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -23,3 +23,23 @@ Features
 * bulk algorithm supported: any stream or block ciphers.
 * supported extensions: secure renegociation, next protocol negotiation (draft 2)

+Common Issues
+-------------
+
+The tools mentioned below are all available from the tls-debug package.
+
+* Certificate issues
+
+It's useful to run the following command, which will connect to the destination and
+retrieve the certificate chained used.
+
+    tls-retrievecertificate -d <destination> -p <port> -v -c
+
+As an output it will print every certificates in the chain and will gives the issuer and subjects of each.
+It creates a chain where issuer of certificate is the subject of the next certificate part of the chain:
+
+    (subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)
+
+A "CA is unknown" error indicates that your system doesn't have a certificate in
+the trusted store belonging to any of the node of the chain.
+