Date: Wed, 8 Sep 2004 11:39:32 -0400 (EDT)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: questions@freebsd.org
Subject: default directory for certs
Message-ID: <20040908113056.X4661@prime.gushi.org>

Hey all,

I recently upgraded my mail server using sendmail to use full StartTLS/SSL, using a "real" (geotrust) certificate. However, pine complains loudly at me that it cannot verify the certificate.

A quick google search on the error yielded this page:

https://email.mtu.edu/docs/public/pine_ssl/

Now, the directions are straightforward enough, but I can't find the certs directory. A quick "locate" yields a bunch in /usr/src/crypto/openssl/certs, but nothing in a "production" directory.

Are the standard root certs not installed by default? Should they be?

*IF SO* What directory should I be using?

The FAQ file in /usr/src/crypto/openssl has this to say:

  * Why does <SSL program> fail with a certificate verify error?

  This problem is usually indicated by log messages saying something like
  "unable to get local issuer certificate" or "self signed certificate".
  When a certificate is verified its root CA must be "trusted" by OpenSSL
  this typically means that the CA certificate must be placed in a directory
  or file and the relevant program configured to read it. The OpenSSL program
  'verify' behaves in a similar way and issues similar error messages: check
  the verify(1) program manual page for more information.

However, the verify man page isn't in the default manpath, either.

--
"this is too stupid even for irc"
-mtreal, EFnet #macintosh, 09/15/2K, 12:33 AM

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
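
The FAQ passage quoted in the message says the root CA must sit in a directory or file that the program reads. As an added example (not part of the original message or of the OpenSSL FAQ), this shell script shows that rule with `openssl verify`: a constructed throwaway CA and certificate fail verification until the CA is copied into a hashed trust directory passed with `-CApath`. The function names, the temporary directory layout and the `mail.example.test` subject are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: throwaway CA and certificate; names are assumptions.

# Print OPENSSLDIR; its certs/ directory and cert.pem file are the
# default trust locations for this OpenSSL build.
default_ssl_dir() {
    openssl version -d | sed -e 's/^OPENSSLDIR: *"//' -e 's/"$//'
}

# Create a throwaway root CA and a certificate signed by it in directory $1.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Succeed only if "openssl verify" prints OK for certificate $1; any
# further arguments (such as -CApath DIR) are passed through.
verify_ok() {
    cert=$1; shift
    openssl verify "$@" "$cert" 2>&1 | grep -q ': OK$'
}

# Copy CA certificate $1 into trust directory $2 as HASH.0, the
# subject-hash file name that -CApath lookups search for.
install_ca() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    mkdir -p "$2" && cp "$1" "$2/$h.0"
}

work=$(mktemp -d)
echo "OpenSSL default directory: $(default_ssl_dir)"
make_demo_chain "$work"
if verify_ok "$work/leaf.pem"; then
    echo "unexpected: demo CA already trusted"
else
    echo "before: verify fails, issuing CA is not in any trust location"
fi
install_ca "$work/ca.pem" "$work/certs"
verify_ok "$work/leaf.pem" -CApath "$work/certs" && echo "after: verify OK"
rm -rf "$work"
```

A client that takes its trust store from a directory needs the same `HASH.0` naming for each CA file it is given.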