On 2011-10-19 18:15, eu...@mail2.infochem.de wrote:
Thanks for catching it -- I obviously don't really know what I'm doing.
I've appended the cert, and now am getting
$ openssl s_client -starttls smtp -showcerts -connect mail2.infochem.de:25
CONNECTED(00000003)
depth=1 /C=US/O=Thawte, Inc./CN=Thawte SSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
That's because your openssl doesn't know where to look for installed CA
certs. Debian's default location is /etc/ssl/certs
So try with:
openssl s_client -starttls smtp -CApath /etc/ssl/certs -showcerts
-connect mail2.infochem.de:25
What I see is:
depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c)
2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
verify return:1
depth=1 /C=US/O=Thawte, Inc./CN=Thawte SSL CA
verify return:1
depth=0 /C=DE/ST=Bayern/L=Muenchen/O=InfoChem Gesellschaft fuer
chemische Information mbH/CN=*.infochem.de
verify return:1
---
Certificate chain
0 s:/C=DE/ST=Bayern/L=Muenchen/O=InfoChem Gesellschaft fuer chemische
Information mbH/CN=*.infochem.de
i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c)
2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
---
[...]
Verify return code: 0 (ok)
---
br,
Kamil
