default directory for certs

Dan Mahoney, System Admin danm at
Wed Sep 8 08:34:34 PDT 2004

Hey all,

I recently upgraded my mail server using sendmail to use full 
StartTLS/SSL, using a "real" (geotrust) certificate.

However, pine complains loudly at me that it cannot verify the 

A quick google search on the error yielded this page:

Now, the directions are straightforward enough, but I can't find the certs 
directory.  A quick "locate" yields a bunch in 
/usr/src/crypto/openssl/certs, but nothing in a "production" directory. 
Are the standard root certs not installed by default?  Should they be?

*IF SO* What directory should I be using?

The FAQ file in /usr/src/crypto/openssl has this to say:

* Why does <SSL program> fail with a certificate verify error?

This problem is usually indicated by log messages saying something like 
"unable to get local issuer certificate" or "self signed certificate". 
When a certificate is verified its root CA must be "trusted" by OpenSSL 
this typically means that the CA certificate must be placed in a directory 
or file and the relevant program configured to read it. The OpenSSL 
program 'verify' behaves in a similar way and issues similar error 
messages: check the verify(1) program manual page for more information.

However, the verify man page isn't in the default manpath, either.


"this is too stupid even for irc"

-mtreal, EFnet #macintosh, 09/15/2K, 12:33 AM

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM

More information about the freebsd-questions mailing list