issues with OpenSSL 1.1.1n
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Nov 2 00:01:04 UTC 2022
On Tue, Nov 01, 2022 at 06:08:10PM -0500, Ray Crumrine wrote:
> Oh my gosh! Thank you. I am a newbie when it comes to certificates. I
> am only using tls for outbound calls. I thought I shouldn't need a
> certificate when doing outbound only [a client] but was getting some
> weird error. After I read your email I simply commented out both
> "certificate" lines in my configuration and it works!!!
You don't need (and generally should not configure) client certificates
for connections to random servers that are not specifically expected to
authenticate your client certificates.
> One last question. I don't need certbot at all then, right?
If you're not running any TLS-enabled servers, and no server expects
hostname-based TLS client certificates from your client, then indeed you
do not need certbot. It vends TLS server/client certificates for domain
names based on trust-on-first-use verified DNS domain control.
--
Viktor.
More information about the openssl-users
mailing list