<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 5/30/2018 1:16 AM, Walter H. wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5B0E5DEF.7010002@mathemainzel.info">
On 30.05.2018 08:45, Mark Shnaider via openssl-users wrote:
<blockquote
cite="mid:DM5PR04MB3753D78EB6AE007D2899E5F88E6C0@DM5PR04MB3753.namprd04.prod.outlook.com"
type="cite">
<div>[...]
<p>openssl s_client -connect 10.65.48.108:443 </p>
[...]</div>
</blockquote>
Very probably the client doesn't have the root CA
certificate of the CA certificate that signed server.pem<br>
<br>
You should have at least the following:<br>
<br>
ca.pem - the root CA<br>
server.pem - the server SSL/TLS certificate</blockquote>
<br>
And also: the certificate is unlikely to list an IP address, so it
should fail hostname verification. You need to use a host name in
your client connection request, not an IP address.<br>
<br>
(Pretty much, you don't ever want to use IP addresses in specifying
TLS connections.)<br>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle Solaris</pre>
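<p>The two failure causes raised in this thread, a client that lacks the root CA and a certificate that lists no IP address, reproduced offline with the openssl CLI. This is an added example, not part of the original messages: the CA name, server.example.test and the file layout are constructed assumptions, and only the IP address is the one from the quoted command.</p>

```bash
#!/usr/bin/env bash
# Added example (constructed PKI, not from the thread): a private root CA and a
# server certificate whose subjectAltName carries a DNS name but no IP address.
# Assumed names: "Demo Root CA", server.example.test. Needs the openssl CLI.

make_demo_pki() {   # $1 = empty working directory
    local d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_srv]
subjectAltName = DNS:server.example.test
EOF
    # ca.pem: self-signed root; server.pem: leaf signed by that root.
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=server.example.test" -keyout "$d/server.key" \
        -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions v3_srv \
        -out "$d/server.pem" 2>/dev/null
}

# Each check returns 0 only if chain building AND the identity match succeed.
verify_as_hostname() { openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" "$1/server.pem" >/dev/null 2>&1; }
verify_as_ip()       { openssl verify -CAfile "$1/ca.pem" -verify_ip "$2" "$1/server.pem" >/dev/null 2>&1; }
# Same hostname check, but the client was never given ca.pem.
verify_without_root() { openssl verify -verify_hostname "$2" "$1/server.pem" >/dev/null 2>&1; }

report() { if "$@"; then echo "accept: $*"; else echo "REJECT: $*"; fi; }

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || { echo "openssl failed to build the demo PKI" >&2; exit 1; }
report verify_as_hostname  "$demo_dir" server.example.test
report verify_as_ip        "$demo_dir" 10.65.48.108
report verify_without_root "$demo_dir" server.example.test
rm -rf "$demo_dir"
```

<p>Only the first check is accepted: the same certificate is rejected when the peer is identified by IP address, and rejected again when the root CA is not supplied.</p>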
</body>
</html>