Re: pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2

In reply to: Axel Rau : "pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Christoph Moench-Tegeder <cmt_at_burggraben.net>
Date: Sun, 04 Sep 2022 17:44:48 UTC

## Axel Rau (Axel.Rau@Chaos1.DE):

> but openssl verify shows successful verification:
> - - -
> # openssl s_client -connect some_fqdn:443 -6 -verify_return_error | grep verify
> depth=1 some_internal_CA

Home-brewed CA? Sure that the extensions have been set correctly? (Most
commonly missed/wrong is the CA flag in Basic Constraints). Standard
openssl verification is not helpful, you'll need at least "-strict
-policy_check".
TL;DR: use Let's Encrypt.

Regards,
Christoph

-- 
Spare Space