Hi Lennart,
Issue the following command : openssl version -d
Its output will tell you which directory the openssl binary you are
calling is using for accessing CA certificates.
If it is not /etc/ssl, then this explains why you are getting this error
: you are using a binary that looks elsewhere (for example in
/usr/local/ssl)
On the other hand, if it is /etc/ssl, then you need just to update the
CAs hashs in /etc/ssl/certs. For that, issue the following command :
c_rehash /etc/ssl/certs.
I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/10/2011 5:07 PM, Lennart van den Dool | fonq.nl wrote:
Hi,
I can’t figure this out and I’ve been searching the net for hours, so
I hope someone can help.
I want to make an ldaps connection to a remote server, but issuing
openssl s_client -ssl3 -connect [domain]:636 -state -verify
results in: Verify return code: 20 (unable to get local issuer
certificate).
When I specify the -CAfile
/etc/ssl/certs/AddTrust_External_CA_Root.pem it works fine.
How can I make openssl use (trust) that CAfile automatically?
Thanks in advance!
Regards,
Lennart
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org