[openssl-users] Verifying a certificate chain
openssl-users at dukhovni.org
Sun Oct 4 15:22:57 UTC 2015
On Sun, Oct 04, 2015 at 07:58:42AM -0400, Yan Seiner wrote:
> >I have a certificate from PositiveSSL for my email server. I have the
> >root certificate and the intermediate certs installed in /etc/ssl/certs/.
> >However, I still cannot verify my certificate. I can't figure out what I
> >have done wrong. I've been wrestling with this for a long time, and I am
> >out of ideas.
> >I am not that familiar with ssl certs - they usually "just work". This
> >one, however, is kicking my butt.
> Never mind. I tried one more thing and it worked.
> I concatenated my cert onto the bundle and used that.
> cat mail_seiner_com.pem PositiveSSL.pem > mail_seiner_com_bundle.pem
> I'm not sure why neither exim4 nor dovecot would accept my cert and then a
> ca cert but rather wanted them all in one bundle.
> It now validates correctly.
> yan at yan-ThinkPad-W530:~$ openssl s_client -connect mail.seiner.com:587
> -starttls smtp -CApath /etc/ssl/certs
It is also possible that your MSA does not load "missing" certificates
from the default store.
More information about the openssl-users