OpenSSL not accepting a certificate, whilst curl does.

Christian Heimes christian at python.org
Tue Sep 29 13:30:40 UTC 2020


On 28/09/2020 23.35, John Robson via openssl-users wrote:
> # curl https://server.fqdn
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>302 Found</title>
> </head><body>
> <h1>Found</h1>
> <p>The document has moved <a
> href="https://server.fqdn:443/path/">here</a>.</p>
> </body></html>
> 
> OpenSSL:
> # openssl s_client -connect server.fqdn:443
> CONNECTED(00000007)
> depth=1 CN = CAINTER, O = org, C = XX
> verify error:num=2:unable to get issuer certificate
> issuer= CN = CAROOT, O = org, C = XX
>  --8<--
> Verify return code: 2 (unable to get issuer certificate)

Does your server use named based virtual hosting? curl sends a TLS SNI
header automatically. With s_client you have to add -servername
server.fqdn to send a SNI header.

Christian



More information about the openssl-users mailing list