[openssl-users] openssl s_client
Viktor Dukhovni
openssl-users at dukhovni.org
Sun Feb 5 20:46:53 UTC 2017
> On Feb 5, 2017, at 3:26 PM, Walter H. via openssl-users <openssl-users at openssl.org> wrote:
>
> openssl s_client -connect mailhost:25 -starttls smtp
>
> displays this:
>
> CONNECTED(00000003)
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=21:unable to verify the first certificate
> verify return:1
>
> the question: is this caused by a config problem on the serverside or on the client side (host running openssl)?
Neither. This is generally expected.
1. Many SMTP servers have self-signed or private CA issued certificates
2. Many omit required intermediate certificates from their server chain configuration
3. You've given no indication of what CAs are present in your OpenSSL trust store.
4. You've given no indication of which mail server you're testing.
--
Viktor.
More information about the openssl-users
mailing list