Self signed cert authorization
Jakob Bohm
jb-openssl at wisemo.com
Wed Apr 24 20:34:01 UTC 2019
On 24/04/2019 21:58, Phillip Susi wrote:
> I've been trying to convince git send-email to connect to my personal
> smtp server without success. It keeps complaining that the cert is
> self-signed. I thought all I had to do was add the cert to
> /etc/ssl/certs and that should fix it, but it doesn't. Even without
> doing this, and using -verify_return_error, openssl s_client does not
> refuse to connect to the server. Why is this and what else do I have to
> do to convince the system that this self signed cert is OK?
>
Three suggestions, depending on what git send-email and your system
does:
1. If you are on a somewhat recent Debian (or similar) system, move
your cert from /etc/ssl/certs/ to /usr/local/share/ca-certificates/
and rerun
# dpkg-reconfigure ca-certificates
# dpkg-reconfigure ca-certificates
(Yes, run it twice, it has a bug if run only once).
(This does the next two suggestions in the way the system expects,
even though the list of certificates shown by the configuration
dialogs doesn't include your own certificates).
2. cd to /etc/ssl/certs and run the command
/etc/sssl/certs# c_rehash
(This updates the numeric symlinks to certificates so openssl can
more easily find them).
3. If your system generates/maintains a big file with all the
trusted certs concatenated, concatenate your extra cert to the
end of that file.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list