Help... The question of "how do I get rid of the 'unable to get local issuer certificate' complaint?" seems to be a popular topic in the FAQ of both imapd and openssl, but danged if I can find an answer to it. Anybody know the incantation?
My setup: Solaris 8, imap-2002d, the src/osdep/unix/Makefile is tweaked so it knows where my SSLDIR (/opt/openssl) and SSLCERTS (/opt/openssl/ssl/certs) really are on the system. In /opt/openssl/ssl/certs, I have an imapd.pem file that contains both my unencrypted RSA private key and my public cert issued by Verisign for the system, per the web instructions of: http://www.washington.edu/imap/documentation/SSLBUILD.html This directory also contains file "cacert.pem", which is a Verisign Class 3 Public Primary Certification Authority - G3, exported from my Opera browser (v 6.12). I can do: # cd /opt/openssl/ssl/certs # openssl verify -verbose -CApath . -purpose any cacert.pem cacert.pem: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3 error 18 at 0 depth lookup:self signed certificate OK # openssl verify -verbose -CApath . -purpose any imapd.pem imapd.pem: /C=US/ST=Maine/L=Waterville/O=Colby College/OU=Information Technology Services/CN=colby0.colby.edu error 20 at 0 depth lookup:unable to get local issuer certificate 27925:error:0B086079:x509 certificate routines:X509_STORE_CTX_purpose_inherit:unknown purpose id:x509_vfy.c:1006: How do I chain these guys together to banish "unable to get local issuer certificate"? I've tried adding the contents of cacert.pem to imapd.pem -- that won't fly. --- Jeff Earickson Colby College -- ------------------------------------------------------------------ For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html ------------------------------------------------------------------
