Client Certificate Verification

From: Doug Hardie <bc979_at_lafn.org>
Date: Sun, 17 Dec 2023 05:48:48 UTC
I have an application to which clients connect using a browser over SSL.  I have a LetsEncrypt certificate for the app that lets the client authenticate the app.  However, I need to have a multitude of client certificates (one per client machine).  I am generating these certificates from a self-signed root certificate.  I can get the client to verify the app and provide the client certificate to it.  The app is unable to verify the client certificate.  I have not been able to figure out how to have openssl distribute one certificate (from LetsEncrypt), but verify the received client certificate using a different certificate chain.  Openssl will pass me some of the received certificate fields.  However, without certificate verification I cannot be sure that those values came from a certificate I generated.  Is there a way to do this either with openssl or libtls?

-- Doug