default directory for certs
Dan Mahoney, System Admin
danm at prime.gushi.org
Wed Sep 8 08:34:34 PDT 2004
Hey all,
I recently upgraded my mail server using sendmail to use full
StartTLS/SSL, using a "real" (geotrust) certificate.
However, pine complains loudly at me that it cannot verify the
certificate.
A quick google search on the error yielded this page:
https://email.mtu.edu/docs/public/pine_ssl/
Now, the directions are straightforward enough, but I can't find the certs
directory. A quick "locate" yields a bunch in
/usr/src/crypto/openssl/certs, but nothing in a "production" directory.
Are the standard root certs not installed by default? Should they be?
*IF SO* What directory should I be using?
The FAQ file in /usr/src/crypto/openssl has this to say:
* Why does <SSL program> fail with a certificate verify error?
This problem is usually indicated by log messages saying something like
"unable to get local issuer certificate" or "self signed certificate".
When a certificate is verified its root CA must be "trusted" by OpenSSL
this typically means that the CA certificate must be placed in a directory
or file and the relevant program configured to read it. The OpenSSL
program 'verify' behaves in a similar way and issues similar error
messages: check the verify(1) program manual page for more information.
However, the verify man page isn't in the default manpath, either.
--
"this is too stupid even for irc"
-mtreal, EFnet #macintosh, 09/15/2K, 12:33 AM
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the freebsd-questions
mailing list