> From: owner-openssl-us...@openssl.org On Behalf Of Dylan Martin
> Sent: Tuesday, 15 September, 2009 13:42
> Hi all, I need to connect to an LDAP server with a self-signed cert.
> I cannot get s_client to verify OK.. I have gathered the
> server cert by running s_client and then copying the server
> cert out of the output from s_client. Then I run s_client
> with the -CAfile option pointed to that file and it still
> does not work. I've even run strace to confirm that the cert
> is in fact read.
>
> Can one use a server's cert in this way?

Assuming it is self-signed, yes this should work. Try:
  openssl x509 -in cert.pem -noout -subject -issuer (or -text)
and make sure they are identical. If there is an AuthorityKeyId
also check that matches SubjectKeyId. When you edited you did
keep the BEGIN and END lines, right?

What exact error message(s) are you getting?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
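
The checks suggested in the reply above, collected into one script as an added example (not part of the original thread and not OpenSSL project code). The function names and the throwaway example.test certificates are constructed for illustration, and the final `openssl verify` step goes one step beyond the reply by confirming the certificate validates against itself as a trust anchor.

```shell
#!/bin/sh
# Added example: pre-flight checks before handing a server certificate to
# s_client -CAfile as its own trust anchor. Function names are hypothetical.

# Print the key id that follows an extension header in `x509 -text` output;
# newer OpenSSL prints it bare, older releases prefix it with "keyid:".
key_id() {  # $1 = cert file, $2 = "Subject" or "Authority"
    openssl x509 -in "$1" -noout -text |
        awk -v h="X509v3 $2 Key Identifier" \
            'index($0, h) { getline; gsub(/[ \t]|keyid:/, ""); print; exit }'
}

# Prints the first failed check and returns 1, or prints "ok" and returns 0.
check_self_signed() {
    cert=$1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" &&
        grep -q -e '-----END CERTIFICATE-----' "$cert" ||
        { echo "missing BEGIN/END lines"; return 1; }
    subj=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) ||
        { echo "certificate does not parse"; return 1; }
    iss=$(openssl x509 -in "$cert" -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ] ||
        { echo "subject and issuer differ: not self-signed"; return 1; }
    aki=$(key_id "$cert" Authority)
    ski=$(key_id "$cert" Subject)
    if [ -n "$aki" ] && [ "$aki" != "$ski" ]; then
        echo "AuthorityKeyId does not match SubjectKeyId"; return 1
    fi
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against itself"; return 1; }
    echo "ok"
}

# Constructed sample input: a self-signed cert, plus a leaf cert signed by it.
make_samples() {  # $1 = scratch directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ldap.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/self.pem" -CAkey "$1/self.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Run against a real file when one is given on the command line.
if [ $# -gt 0 ]; then check_self_signed "$1"; fi
```

A "subject and issuer differ" result means the server certificate was issued by another CA, so the file given to -CAfile has to contain that issuer's certificate rather than the server's own.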