Hello,

I am running el5 with an unmodified openssl.cnf file and have a program that uses the openssl libraries but is stupid enough to not offer some parameters to configure cert and cacert ("check_nrpe"). This program's source code initializes the openssl lib as follows:

    SSL_library_init();
    SSLeay_add_ssl_algorithms();
    meth=SSLv23_client_method();
    SSL_load_error_strings();
    SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

Given "local_host_name.pem" and "ca_new.crt", which are created on a different machine (my root ca) with openssl, if I run an

    openssl s_client -connect remotehost.80:5666 -CAfile /etc/tmpssl/ca_new.crt -cert /etc/tmpssl/local_host_name.pem

that validates remotehost's certificate successfully and remotehost does not complain either in the logs.

So, what I *think* I need now is to set up an openssl.cnf file which enables me to run the above command without specifying the certs:

    openssl s_client -connect remotehost.80:5666

After appending "ca_new.crt" to "/etc/pki/tls/certs/ca_bundle.crt", I can omit the "-CAfile /etc/tmpssl/ca_new.crt" parameter from the above command and it still works fine. But I cannot find out what to do with the server certificate "local_host_name.pem" to reach my goal.

Could anybody please enlighten me?

Greetings,
SR

--
Nanotron Technologies GmbH * Alt-Moabit 60 * 10555 Berlin * Germany
Managing Director: Dr. Jens N. Albers
Registered office: Berlin * Court of registration: Berlin-Charlottenburg * HRB 42324