[openssl-users] [Newsletter] Re: self-signed certificate won't work in my app but works with s_client

Salz, Rich rsalz at akamai.com
Mon Jul 4 21:19:57 UTC 2016


> A Wireshark trace reveals that the client shuts down the handshake connection with the reason ‘Unknown CA’.

> So if the client knows that the cert is self-signed as indicated by the debug logs, why would it issue the above reason for failure when it doesn’t need to know the CA?

You still have to add the CA to your local trust store.

Otherwise, you'd blindly accept *every* self-signed certificate, right?
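
The point of the reply above, as an added example that is not part of the original message: `openssl verify` rejects a freshly generated self-signed certificate until that same certificate is supplied as a trust anchor. The subject name, function names and temporary paths are constructed for the demo.

```shell
#!/bin/sh
# Added illustration; every name and path here is constructed for the demo.

# Create a throwaway self-signed certificate and key in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=selfsigned.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Verify certificate $1 against the default trust store only.
# The certificate is not in that store, so this is expected to fail.
verify_untrusted() {
    openssl verify "$1" 2>&1
}

# Verify certificate $1 with the certificate itself as the trust anchor.
# This is the command-line equivalent of adding it to the local trust store.
verify_trusted() {
    openssl verify -CAfile "$1" "$1" 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" || { rm -rf "$dir"; return 1; }

    echo "--- certificate not in the trust store:"
    verify_untrusted "$dir/cert.pem"
    echo "exit status: $?"

    echo "--- certificate supplied via -CAfile:"
    verify_trusted "$dir/cert.pem"
    echo "exit status: $?"

    rm -rf "$dir"
}

demo
```

An application gets the same result by loading the certificate into the verify store of its own TLS context rather than passing `-CAfile` on a command line.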

