On 9/15/22 15:40, Philip Prindeville wrote:
I was thinking of the case where the directory containing the keys (as
configured) is correctly owned, but contains a symlink pointing outside of that
directory somewhere else... say to a file owned by an ordinary user.
In that case, as has been
On 9/13/22 14:17, Philip Prindeville wrote:
But what happens when the file we encounter is a symlink? If the symlink is
owned by root but the target isn't, or the target permissions aren't 0600 or
0400... Or the target is a symlink, or there's a symlink somewhere in the
target path, etc.
On 9/4/22 01:55, Roger James via openssl-users wrote:
As I mentioned in an earlier post you need version 1.1 or later of
openssl to successfully validate post September 30, 2021 Let's Encrypt
certificates. The version on your CentOS system is 1.0.
The CentOS system was just another VM I ran
On 9/3/22 16:07, Viktor Dukhovni wrote:
Post the output of:
$ openssl crl2pkcs7 -nocrl -certfile /etc/ssl/certs/local/DOMAIN.wildcards.pem |
openssl pkcs7 -print_certs -noout |
perl -ne 'BEGIN{$/="\n\n\n"} s/\n+/\n/g; print $_, "\n"'
subject=CN = DOMAIN
issuer=C = US, O = Let's Encrypt, CN
On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
Other bare metal systems and their results with the same PEM file:
Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
Verifies on Ubuntu 22.04 with openssl 3.0.2
Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips
Additional
On an AlmaLinux 8.6 VM hosted in Proxmox:
[root@certs ~]# openssl verify -CAfile /etc/ssl/certs/local/DOMAIN.wildcards.pem /etc/ssl/certs/local/DOMAIN.wildcards.pem
C = US, O = Let's Encrypt, CN = R3
error 2 at 1 depth lookup: unable to get issuer certificate
error