Hey all,

I recently upgraded my mail server using sendmail to use full StartTLS/SSL, using a "real" (geotrust) certificate.

However, pine complains loudly at me that it cannot verify the certificate.

A quick google search on the error yielded this page:


Now, the directions are straightforward enough, but I can't find the certs directory. A quick "locate" yields a bunch in /usr/src/crypto/openssl/certs, but nothing in a "production" directory. Are the standard root certs not installed by default? Should they be?

*IF SO* What directory should I be using?

The FAQ file in /usr/src/crypto/openssl has this to say:

* Why does <SSL program> fail with a certificate verify error?

This problem is usually indicated by log messages saying something like "unable to get local issuer certificate" or "self signed certificate". When a certificate is verified its root CA must be "trusted" by OpenSSL this typically means that the CA certificate must be placed in a directory or file and the relevant program configured to read it. The OpenSSL program 'verify' behaves in a similar way and issues similar error messages: check the verify(1) program manual page for more information.

However, the verify man page isn't in the default manpath, either.


"this is too stupid even for irc"

-mtreal, EFnet #macintosh, 09/15/2K, 12:33 AM

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to