On Mon, 18 Feb 2008, David Schwartz wrote: #] #]> When I connect to our printer server, the certificate is never verified #]> correctly. When I specify the CA certificate file manually on the command #]> line, it works though. The root certificate in question is installed, and #] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #]> everything looks correct to me. -> ??? #] #]Where is the root certificate installed? Is it somewhere you told OpenSSL to look? #]
Hi David, in the "certs" subdirectory of /etc/ssl, as symlink from the firefox directory (see below). openssl version -a outputs 'OPENSSLDIR: "/etc/ssl"', so that is correct. Is there anything else I might need to set? Thanks, Andreas [EMAIL PROTECTED] /etc/ssl/certs $ openssl x509 -hash -noout -in AddTrust_External_Root.pem 3c58f906 [EMAIL PROTECTED] /etc/ssl/certs $ ls -l 3c58f906.0 lrwxrwxrwx 1 root root 26 3. Feb 20:18 3c58f906.0 -> AddTrust_External_Root.pem [EMAIL PROTECTED] /etc/ssl/certs $ ls -l AddTrust_External_Root.pem lrwxrwxrwx 1 root root 61 3. Feb 20:18 AddTrust_External_Root.pem -> /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt [EMAIL PROTECTED] /etc/ssl/certs $ ls -l /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt -rw-r--r-- 1 root root 1523 4. Mär 2007 /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt [EMAIL PROTECTED] /etc/ssl/certs $ [EMAIL PROTECTED] /etc/ssl/certs $ openssl version -a OpenSSL 0.9.8g 19 Oct 2007 built on: Sun Feb 17 01:46:36 CET 2008 platform: linux-elf options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: i686-pc-linux-gnu-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -O2 -march=pentium-m -pipe -Wa,--noexecstack OPENSSLDIR: "/etc/ssl"
