Hello, > When I do that, I now get: > > RAPTOR_$ openssl s_client -connect adtest:636 "-CAfile" certnew.pem > CONNECTED(00000003) > depth=0 /CN=adtest.altdomain2000.psccos.com > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /CN=adtest.altdomain2000.psccos.com > verify error:num=27:certificate not trusted > verify return:1 > depth=0 /CN=adtest.altdomain2000.psccos.com > verify error:num=21:unable to verify the first certificate > verify return:1 > --- > Certificate chain > 0 s:/CN=adtest.altdomain2000.psccos.com > i:/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca Get server certificate (lets say server_cert.pem) and execute: $ openssl verify -CAfile certnew.pem server_cert.pem if this will return success, s_client will verify successfully this server cert too. Next information, certnew.pem should have CA cert from: C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]