Seems one CA server in the chain is not in the cert.pem Root and Intermediate CA servers list on Internet change, so you need = to update on a regular basis the CA roots (and intermediate) certificates (including revoqued CA servers) on any computer. For Windows CryptoAPI, Microsoft provide regular updates for this list = to be "up to date" (windows/microsoft update). I don't know enought openssl and if a tool is available for openssl to = get a "up to date" CA roots certificates list. (download from openssl web = site ? autoupdate ? cmd to run manually ? ...)
The same is true for the peer computer. If its list is not up to date, = it can't verify the certificat send by the xmail server too. Francis >-----Message d'origine----- >De : [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] la part de Don Drake >Envoy=E9 : mercredi 14 mars 2007 16:25 >=C0 : [email protected] >Objet : [xmail] Re: CERT verify error: depth =3D 1 error =3D 'unable = to get >local issuer certificate' > > >No, I just have the certificate chain I received from Comodo. =20 > >Aren't the CA roots part of the openssl package in=20 >/usr/share/ssl/cert.pem? >Isn't the XMail cert.pem file an addition to OpenSSL's cert.pem? > >-Don > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On >Behalf Of Davide=20 >Libenzi >Sent: Wednesday, March 14, 2007 12:59 AM >To: [email protected] >Subject: [xmail] Re: CERT verify error: depth =3D 1 error =3D=20 >'unable to get >local issuer certificate' > >On Tue, 13 Mar 2007, Don Drake wrote: > >> I tried enabling SSLAllowSelfSigned and I still get the error. I'm >assuming >> this isn't a big deal? If it is, how should I fix it? >>=20 >> What is the consensus about enabling SSLAllowSelfSigned for=20 >email traffic >> for use on a public server? > >What do you have inside you cert bundle? Do you have all the CA roots? > > >- Davide > > >- - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
