ubuntu - Can't verify CA certificate unless CApath or CAfile used

Question

Welcome To Ask or Share your Answers For Others

ubuntu - Can't verify CA certificate unless CApath or CAfile used

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

ubuntu - Can't verify CA certificate unless CApath or CAfile used

Im having trouble with having OpenSSL connect to a server because of trust issues. I placed the CA certificate on /etc/ssl/certs/ and have run sudo c_rehash and can see that the correct file has been made. I can see that CA certificate is in the ca-certificates.crt. However if I run:

openssl s_client -connect servername.domain.com:636

The command fails with Verify return code: 21 (unable to verify the first certificate)

If I do:

openssl s_client -connect servername.domain.com:636 -CApath /etc/ssl/certs/

I get Verify return code: 0 (ok)

What can I do so I dont have to specify the CApath?

I'm using Ubuntu 13.04.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T19:07:29+0000

You can also set and export the environment variables SSL_CERT_FILE or SSL_CERT_DIR...

export SSL_CERT_FILE=/path/to/ca_bundle.crt

export SSL_CERT_DIR=/path/to/ca/dir

Then you do not have to specify CAfile or CApath in every openssl command.

Categories

ubuntu - Can't verify CA certificate unless CApath or CAfile used

ubuntu - Can't verify CA certificate unless CApath or CAfile used

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags