Hello. This will be the first time I'll be writing an SSL and I am using boost::asio::ssl. I've gone through the articles over the net and somewhat understand how SSL works. I've created 3 files at the server end as of now: privateKey.pem, unsignedCertificate.csr and signedCertificate.pem. I used the server's privateKey.pem to sign the certificate (hence the generated 3rd file). Hence the server itself is a Certification Authority (CA) in this case.

Now what I understand from theory is:

<1> During the handshake the client will request the server's certificate.
<2> On reception the client must verify if the certificate is signed by the mentioned trusted Certification Authority (CA) in the certificate. Since the CA will have used a private key to sign the certificate, the client will need the CA's public key stored somewhere on its machine. Use that public key file to verify that the mentioned CA did indeed sign it.
<3> If it is, then verify the certificate as a whole.

In my case, the server had used its own private key to self-sign the certificate.

Questions:

<1> If the CA was one of the trusted third parties, the O.S would have stored its public key in default locations. In that case I guess all I needed was ssl::context::set_default_verify_paths() and boost would have used all files there to match against the CA and use its public key. In this case however I need the server's public key file. Am I right? How do I get that (the server's public key)? Do I use one of the 3 files above at the client end too? Is it load_verify_file("..") that I need to call, pointing to the server's public key?

<2> context::set_verify_callback: does this get called during the handshake? The handler must return bool. Suppose I return false, who will check it and what will it do? What I am guessing is: handshake -> blocks and runs a pre-verification test -> calls the supplied handler -> if the handler returns true, the handshake is successful, otherwise either the handshake throws or fills the error code with a non-zero value depending on what flavour of handshake(...) was called. Is this correct?

<3> If I use ssl::rfc2818_verification("hostname") as the verify_callback handler, what do I pass in place of hostname if there is no hostname (i.e., I only know the server IP address)?

<4> Do I have to use a chain of files in this case? Because the server would just send one certificate file - the one that is signed, right?

--
View this message in context: http://boost.2283326.n4.nabble.com/Using-SSL-tp4644012.html
Sent from the Boost - Users mailing list archive at Nabble.com.
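
The three files described in the post can be reproduced with the openssl command line. This is an added example, not part of the original message: it shows that signedCertificate.pem carries the server's public key and works as its own trust anchor, while an unrelated certificate does not. The subjects server.example and other.example and the temporary directory are constructed for the example.

```shell
#!/bin/sh
# Added example: subjects and directories are constructed.
# File names mirror the three files named in the post.

make_self_signed() {   # $1 = output directory, $2 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/privateKey.pem" \
        -out "$1/unsignedCertificate.csr" 2>/dev/null &&
    # Sign the request with the same key that it describes (self-signed).
    openssl x509 -req -in "$1/unsignedCertificate.csr" \
        -signkey "$1/privateKey.pem" -days 1 \
        -out "$1/signedCertificate.pem" 2>/dev/null
}

# True when the certificate embeds the public half of privateKey.pem,
# so a verifier needs only the certificate, never the private key.
cert_has_key() {   # $1 = directory
    [ "$(openssl x509 -in "$1/signedCertificate.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/privateKey.pem" -pubout)" ]
}

# Check a certificate's signature chain against one trust anchor file.
verify_with_anchor() {   # $1 = trust anchor PEM, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/server" "$work/other"
    make_self_signed "$work/server" server.example || return 1
    make_self_signed "$work/other" other.example || return 1
    cert_has_key "$work/server" &&
        echo "certificate carries the server public key"
    verify_with_anchor "$work/server/signedCertificate.pem" \
        "$work/server/signedCertificate.pem" &&
        echo "own certificate as trust anchor: accepted"
    verify_with_anchor "$work/other/signedCertificate.pem" \
        "$work/server/signedCertificate.pem" ||
        echo "unrelated certificate as trust anchor: rejected"
    rm -rf "$work"
}

demo
```

The trust anchor passed to `-CAfile` here plays the role of the file a client would hand to load_verify_file(); privateKey.pem never leaves the server.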
participants (1)
-
ustulation