Anthony J. Bentley <[email protected]> [2019-09-29 23:17:06 -0600]:
> I don't claim to understand all of openssl's output, but when I try
> it on my certs I get various CNs that I don't expect either, even
> though I'm quite confident the certificate has a valid hostname.
Hi,
Thanks for your reply. Since then I realized my mistake as well, but
for some reason the mailing list server rejected my update email. I am
including it below in the hopes that it will deliver this time.
---
Well, this is embarrassing. I almost gave up, but gave a post on the
OpenBSD subreddit a go as a last try.
There a user named Kernigh gave me some vital information:
| ‘I'm not sure whether openssl s_client -connect matrix.example.com:443
| uses SNI. Try adding -servername matrix.example.com; see openssl(1).’
After all, the config I got to is correct and works — I was just testing
it wrong. Although
$ openssl s_client -servername matrix.example.com
says Connection refused with errno=61, I checked both addresses simply
in my browser and the certs were valid.
Sorry for the noise.
--
Bertalan Z. Péter <[email protected]>
FB9B 34FE 3500 3977 92AE 4809 935C 3BEB 44C1 0F89
 /"\
 \ /  ASCII Ribbon Campaign
  X   against HTML email & proprietary attachments
 / \  www.asciiribbon.org
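
The effect behind Kernigh's hint, reproduced against a throwaway local server: the same port returns a different certificate depending on whether the client sends SNI. This is an added example, not part of the original message; the hostnames on the certificates, the port numbers and the function names are constructed, and the `openssl s_server` setup is an assumption standing in for the poster's web server.

```shell
#!/bin/sh
# Added example. Hostnames, port and file names are constructed for the demo.

# Print the CN of the certificate served on 127.0.0.1:$1.
# $2 (optional) is the name to send as SNI via -servername.
served_cn() {
    if [ -n "$2" ]; then
        openssl s_client -connect "127.0.0.1:$1" -servername "$2" </dev/null 2>/dev/null
    else
        # Connecting to an IP address with no -servername sends no SNI.
        openssl s_client -connect "127.0.0.1:$1" </dev/null 2>/dev/null
    fi | openssl x509 -noout -subject 2>/dev/null | sed 's/.*CN *= *//'
}

# Start a throwaway server with a default certificate and a second one that
# is only selected when the client asks for matrix.example.com via SNI.
# Prints "<CN without SNI> <CN with SNI>".
sni_demo() {
    port=$1
    dir=$(mktemp -d) || return 1
    for name in default.example.com matrix.example.com; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null || return 1
    done
    openssl s_server -accept "$port" -www \
        -cert "$dir/default.example.com.crt" -key "$dir/default.example.com.key" \
        -servername matrix.example.com \
        -cert2 "$dir/matrix.example.com.crt" -key2 "$dir/matrix.example.com.key" \
        </dev/null >/dev/null 2>&1 &
    srv=$!
    for _try in 1 2 3 4 5; do            # wait until the server answers
        without_sni=$(served_cn "$port")
        [ -n "$without_sni" ] && break
        sleep 1
    done
    with_sni=$(served_cn "$port" matrix.example.com)
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    echo "$without_sni $with_sni"
}

sni_demo 14433   # expected: default.example.com matrix.example.com
```

When checking a name-based virtual host, compare the subject returned with `-servername` against the name you expect before concluding the certificate configuration is wrong.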