Re: openssl s_client

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Feb 5, 2017, at 3:26 PM, Walter H. via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
> 
> openssl s_client -connect mailhost:25 -starttls smtp
> 
> displays this:
> 
> CONNECTED(00000003)
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=21:unable to verify the first certificate
> verify return:1
> 
> the question: is this caused by a config problem on the serverside or on the client side (host running openssl)?

Neither.  This is generally expected.

    1. Many SMTP servers have self-signed or private CA issued certificates
    2. Many omit required intermediate certificates from their server chain configuration
    3. You've given no indication of what CAs are present in your OpenSSL trust store.
    4. You've given no indication of which mail server you're testing.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux