Self signed cert authorization

Jakob Bohm jb-openssl at
Wed Apr 24 20:34:01 UTC 2019

On 24/04/2019 21:58, Phillip Susi wrote:
> I've been trying to convince git send-email to connect to my personal
> smtp server without success.  It keeps complaining that the cert is
> self-signed.  I thought all I had to do was add the cert to
> /etc/ssl/certs and that should fix it, but it doesn't.  Even without
> doing this, and using -verify_return_error, openssl s_client does not
> refuse to connect to the server.  Why is this and what else do I have to
> do to convince the system that this self signed cert is OK?
Three suggestions, depending on what git send-email and your system

1. If you are on a somewhat recent Debian (or similar) system, move
   your cert from /etc/ssl/certs/ to /usr/local/share/ca-certificates/
   and rerun
   # dpkg-reconfigure ca-certificates
   # dpkg-reconfigure ca-certificates
   (Yes, run it twice, it has a bug if run only once).
   (This does the next two suggestions in the way the system expects,
   even though the list of certificates shown by the configuration
   dialogs doesn't include your own certificates).

2. cd to /etc/ssl/certs and run the command
   /etc/sssl/certs# c_rehash
   (This updates the numeric symlinks to certificates so openssl can
   more easily find them).

3. If your system generates/maintains a big file with all the
   trusted certs concatenated, concatenate your extra cert to the
   end of that file.


Jakob Bohm, CIO, Partner, WiseMo A/S.
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list