[openssl-users] Test SSL connection
Jordan Brown
openssl at jordan.maileater.net
Wed May 30 20:06:58 UTC 2018
On 5/30/2018 1:16 AM, Walter H. wrote:
> On 30.05.2018 08:45, Mark Shnaider via openssl-users wrote:
>> [...]
>>
>> openssl s_client -connect 10.65.48.108:443
>>
>> [...]
> very probable, that the client doesn't have the root ca certificate of
> the ca certificate that signed server.pem
>
> you should have at least the following
>
> ca.pem - the root ca
> server.pem - the server ssl/tls certificate
And also: the certificate is unlikely to list an IP address, so it
should fail hostname verification. You need to use a host name in your
client connection request, not an IP address.
(Pretty much, you don't ever want to use IP addresses in specifying TLS
connections.)
--
Jordan Brown, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180530/99402727/attachment.html>
More information about the openssl-users
mailing list