hello, i am running el5 with unmodified openssl.cnf file and have a program that uses the openssl libraries but is stupid enough to not offer some parameters to configure cert and cacert ("check_nrpe"). This programs source code initializes the openssl lib as follows: SSL_library_init(); SSLeay_add_ssl_algorithms(); meth=SSLv23_client_method(); SSL_load_error_strings(); SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); Given "local_host_name.pem" and "ca_new.crt" which are created on a different machine (my root ca) with openssl, if i run a openssl s_client -connect remotehost.80:5666 -CAfile /etc/tmpssl/ca_new.crt -cert /etc/tmpssl/local_host_name.pem that validates remotehost's certificate successfully and remotehost does not complain either in the logs. So, what i *think* i need now is to setup an openssl.cnf file which enables me to run above command without specifying the certs: openssl s_client -connect remotehost.80:5666 After appending "ca_new.crt" to "/etc/pki/tls/certs/ca_bundle.crt", i can omit the "-CAfile /etc/tmpssl/ca_new.crt" parameter from above command and it still works fine. But i can not find out what to do with the server certificate "local_host_name.pem" to reach my goal. Could anybody please enlighten me ? greetings, SR -- Nanotron Technologies GmbH * Alt-Moabit 60 * 10555 Berlin * Germany Geschaeftsfuehrer: Dr. Jens N. Albers Sitz der Gesellschaft: Berlin * Registergericht: Berlin-Charlottenburg * HRB 42324 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160222/c79a6a1b/attachment-0001.html>