[EMAIL PROTECTED] wrote:
hey list,
I have a uw-imap server installed on a solaris box. We currently have a working SSL certificate thats
about to expire on our server. On top of that, our internal team that issues the certificates is changing
their root certs, so we need to update that as well.
so I have a new cert for my server and Im trying to get pine and mutt to connnect to it, but pine
complains that its a self signed cert..
as does the openssl client
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 9878A3F0C550C7124A6FD64FC809E10971EFA324230151955A4CD64C5CEDFF52
Session-ID-ctx:
Master-Key:
2E11F61B9BA160292DD85683983AFB20BAEFB9430E8ABDBE6819CBD7AC877BD1503C82D170DEFC2FFC7FA759F64728AF
Key-Arg : None
Start Time: 1179932976
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
What should I do to troubleshoot this?
regards,
Jason
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Maybe this isn't the correct list to ask for uw-imap...
But you must add your new root certs to the CA certs databases where pine and
mutt are searching for.
For pine, the default path is embedded in the code (for mutt I don't know),
during the build phase you can tell him
./build SSLCERTS="/path/to/CA root certs directory (hashed!!)"
With openssl s_client, you must tell him to point out the same dir with the option -CApath "/path/to/CA root certs
directory (hashed!!)"
Good luck!
--
Ing. Sergio Rabellino
Head of ICT Services
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]