On 5/30/2018 1:16 AM, Walter H. wrote: > On 30.05.2018 08:45, Mark Shnaider via openssl-users wrote: >> [...] >> >> openssl s_client -connect 10.65.48.108:443 >> >> [...] > very probable, that the client doesn't have the root ca certificate of > the ca certificate that signed server.pem > > you should have at least the following > > ca.pem - the root ca > server.pem - the server ssl/tls certificate
And also: the certificate is unlikely to list an IP address, so it should fail hostname verification. You need to use a host name in your client connection request, not an IP address. (Pretty much, you don't ever want to use IP addresses in specifying TLS connections.) -- Jordan Brown, Oracle Solaris
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
