Quantcast

openssl s_client

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

openssl s_client

OpenSSL - User mailing list
Hello,

openssl s_client -connect mailhost:25 -starttls smtp

displays this:

CONNECTED(00000003)
depth=0 OU = Domain Control Validated, CN = ...
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = ...
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, CN = ...
verify error:num=21:unable to verify the first certificate
verify return:1

the question: is this caused by a config problem on the serverside or on
the client side (host running openssl)?

Thanks,
Walter



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openssl s_client

Viktor Dukhovni

> On Feb 5, 2017, at 3:26 PM, Walter H. via openssl-users <[hidden email]> wrote:
>
> openssl s_client -connect mailhost:25 -starttls smtp
>
> displays this:
>
> CONNECTED(00000003)
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 OU = Domain Control Validated, CN = ...
> verify error:num=21:unable to verify the first certificate
> verify return:1
>
> the question: is this caused by a config problem on the serverside or on the client side (host running openssl)?

Neither.  This is generally expected.

    1. Many SMTP servers have self-signed or private CA issued certificates
    2. Many omit required intermediate certificates from their server chain configuration
    3. You've given no indication of what CAs are present in your OpenSSL trust store.
    4. You've given no indication of which mail server you're testing.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...