Hi,
I have just added the CA to ca-certificates and updated them using
/usr/sbin/update-ca-certificates
root@nsd-sdproxy1:~# ls -l /usr/local/share/ca-certificates/
total 4
-rw-r--r-- 1 root root 1238 Mar 11 13:01 dc1_CA.crt
root@nsd-sdproxy1:~#
I still can't connect to the server
root@nsd-sdproxy1:~# /usr/bin/openssl.original-from-debian s_client -connect 192.168.92.95:636 -CAfile /etc/ssl/certs/ca-certificates.crt
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
root@nsd-sdproxy1:~#
The certificate validation looks OK.
root@nsd-sdproxy1:~# openssl.original-from-debian verify -purpose sslserver -CAfile /etc/ssl/certs/ca-certificates.crt /tmp/nsd-ad.pem
/tmp/nsd-ad.pem: OK
root@nsd-sdproxy1:~#
Kind regards
Maciej Bogucki
On 4.03.2024 12:54, Kurt Roeckx wrote:
Hi,
It's unclear to me what you're reporting as error. The connection
seems to be working. The verification of the certificate seems to
fail. It seems you have your own CA, but the CA is not trusted because
it's not in the certificate store.
Kurt