View Single Post
  #7   (View Single Post)  
Old 27th September 2016
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

Quote:
Originally Posted by shep View Post
Using CApath to /etc/ssl, I get the same error code
Code:
Verify return code: 20 (unable to get local issuer certificate)
My understanding is that the 1st is the server certificate, the 2nd is an intermediate certificate and the 3rd is the CA certificate.
I'm thinking the problem lies with the 3rd certificate, that ssl can't validate it.

Quote:
Originally Posted by shep View Post
Debian uses a different certificate format where all certificates are individual files under /etc/ssl/cert. As I mentioned in my original post, I found a script that concatonates all the separate Debian files into a single cert.pem and although 3x larger than the original cert.pem does work.
What format are the Debian certificates exactly in?

Quote:
Originally Posted by shep View Post
With fetchmail, I can get generate a fingerprint on the downloaded certificate and retrieve pop3 emails now via tls.
You can also generate the fingerprint with ssl:
Code:
openssl x509 -in centurylink.pem -noout -md5 -fingerprint > output.file.with.fingerprint
Reply With Quote