Quote:
Originally Posted by shep
Using CApath to /etc/ssl, I get the same error code
Code:
Verify return code: 20 (unable to get local issuer certificate)
My understanding is that the 1st is the server certificate, the 2nd is an intermediate certificate and the 3rd is the CA certificate.
|
I'm thinking the problem lies with the 3rd certificate, that ssl can't validate it.
Quote:
Originally Posted by shep
Debian uses a different certificate format where all certificates are individual files under /etc/ssl/cert. As I mentioned in my original post, I found a script that concatonates all the separate Debian files into a single cert.pem and although 3x larger than the original cert.pem does work.
|
What format are the Debian certificates exactly in?
Quote:
Originally Posted by shep
With fetchmail, I can get generate a fingerprint on the downloaded certificate and retrieve pop3 emails now via tls.
|
You can also generate the fingerprint with ssl:
Code:
openssl x509 -in centurylink.pem -noout -md5 -fingerprint > output.file.with.fingerprint