On Mon, Feb 17, 2014 at 01:03:59PM -0600, espe...@oreillyauto.com wrote:

> I have tried the c_rehash /etc/ssl/certs and that did not help the
> situation.  I had seen that in a bug post and tried it.
> 
> How can I make sure that openssl is using the /etc/ssl/certs folder to
> search for the ca certificate?

By specifying a suitable CApath.  However, note that the algorithm
used to compute the subject name hash (the hex digits before the
final .<instance> extension in the soft links) changed between
OpenSSL 0.9.8 and 1.0.0.  In environments where you have both OpenSSL
0.9.8 and 1.0.0 or later applications, you need a c_rehash that generates
both hashes.

How CApath is specified for a particular application depends on that
application.

Also the CAs in CApath need to be "root" (self-signed) CAs.  If
you used an intermediate CA, its issuer needs to go into /etc/ssl/certs,
and the server chain needs to include not only the leaf, but also
any intermediate certificates.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
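
The dual-hash linking described in the message above, as an added example that is not part of the original post and is not OpenSSL's own c_rehash. It assumes an `openssl` command of version 1.0.0 or later (which provides `-subject_hash_old`) and that the certificate file already sits in the CApath directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: link one CA certificate into a CApath directory under both
# the OpenSSL >= 1.0.0 subject hash and the older 0.9.8 subject hash.

# is_self_issued CERT: succeed only if subject name equals issuer name.
# This is the cheap test for a root; it does not verify the signature.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$s" = "$i" ]
}

# next_slot DIR HASH CERT: print the first HASH.N name that is free or that
# already holds CERT (same SHA-256 fingerprint). N separates hash collisions.
next_slot() {
    fp=$(openssl x509 -in "$3" -noout -fingerprint -sha256) || return 1
    n=0
    while [ -e "$1/$2.$n" ]; do
        other=$(openssl x509 -in "$1/$2.$n" -noout -fingerprint -sha256 2>/dev/null) || other=
        [ "$other" = "$fp" ] && break
        n=$((n + 1))
    done
    printf '%s.%s\n' "$2" "$n"
}

# link_both_hashes DIR CERT: create DIR/<new hash>.N and DIR/<old hash>.N as
# symlinks to CERT and print both link names. CERT must live inside DIR.
link_both_hashes() {
    dir=$1
    cert=$2
    is_self_issued "$cert" || { echo "not a self-issued root: $cert" >&2; return 1; }
    new=$(openssl x509 -in "$cert" -noout -subject_hash) || return 1
    old=$(openssl x509 -in "$cert" -noout -subject_hash_old) || return 1
    for h in "$new" "$old"; do
        link=$(next_slot "$dir" "$h" "$cert") || return 1
        ln -sf "$(basename "$cert")" "$dir/$link"
        echo "$link"
    done
}
```

Running `link_both_hashes` twice on the same certificate reuses the existing link names, so it is safe to call from a provisioning script.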
