Strange problem: openssl verify not working on Proxmox VM, works on a bare metal system
Shawn Heisey
openssl at elyograg.org
Mon Sep 5 02:18:16 UTC 2022
On 9/4/22 01:55, Roger James via openssl-users wrote:
> As I mentioned in an earlier post you need version 1.1 or later of
> openssl to successfully validate post September 30, 2021 Let's Encrypt
> certificates. The version on your CentOS system is 1.0.

The CentOS system was just another VM I ran the test on when I was still
very confused about what was happening. It's a basic server install on
a VM that I power up when I need to try something on that OS without
risking problems on production servers.

I will not be using any version of CentOS for this. All my personal
systems are Ubuntu, but I am restricted to RHEL clones for work --
primarily CentOS 7 and AlmaLinux 8. The VM that I built for this task
is Alma, which has 1.1.1k. We haven't qualified our software setup to
work on Alma 9 yet, so I am avoiding it even for a custom deployment
like this.

I was finally able to get it to verify on Alma by using -untrusted
instead of -CAfile, and including additional certificates to complete
the chain. I just tried exactly the same thing on CentOS 7 with openssl
1.0.2k-fips and it verified ... because every certificate needed for the
verification is supplied to the command.

Many thanks to Victor for the nudge that got me on the right track to
make it work. I have become very spoiled by Ubuntu ... when I work on
RHEL clones, it always takes more effort.

Shawn
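
Added example, not part of the original message: a constructed three-tier chain showing how `openssl verify` treats `-untrusted` (chain-building material) versus a trust anchor. All names and files are made up, and the constructed root is passed with `-CAfile` only because, unlike a public CA, it is not in the system trust store.

```shell
#!/bin/sh
# Constructed PKI: root -> intermediate -> leaf. Every name here is invented.
make_chain() {
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: the only certificate meant to act as a trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -extensions v3_ca -subj "/CN=Example Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Example Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 1001 -days 30 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null
  # Leaf, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 1002 -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# Succeeds only when openssl prints "<file>: OK"; the text is checked rather
# than the exit status because old releases do not signal failure reliably.
verifies() { d=$1; shift; openssl verify "$@" "$d/leaf.pem" 2>/dev/null | grep -q ': OK$'; }

run_cases() {
  d=$(mktemp -d) && make_chain "$d" || return 1
  cat "$d/root.pem" "$d/int.pem" > "$d/all.pem"
  # 1. Anchor only: the intermediate is missing, so no chain can be built.
  verifies "$d" -CAfile "$d/root.pem" && r1=OK || r1=FAIL
  # 2. Anchor plus the intermediate supplied as untrusted chain material.
  verifies "$d" -CAfile "$d/root.pem" -untrusted "$d/int.pem" && r2=OK || r2=FAIL
  # 3. Whole chain passed as untrusted, no anchor: -untrusted confers no trust.
  verifies "$d" -untrusted "$d/all.pem" && r3=OK || r3=FAIL
  rm -rf "$d"
  echo "$r1 $r2 $r3"
}
run_cases   # prints: FAIL OK FAIL
```

Case 3 is the one to keep in mind when reading a successful `-untrusted` run: the chain still has to end at a certificate the verifier already trusts.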