unable to verify the first certificate


To import your self-signed CA to Ubuntu's certificate root list, you have to configure ca-certificates:


First, make a directory called /usr/share/ca-certificates/extra:

sudo mkdir /usr/share/ca-certificates/extra

Then, copy your CA certificate to the directory:

sudo cp /etc/ssl/certs/xiedeaccca.crt /usr/share/ca-certificates/extra/xiedeaccca.crt

Finally, reconfigure ca-certificates:

sudo dpkg-reconfigure ca-certificates

Press Space to select your self-signed CA certs, and you should be done.
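
A non-interactive variant of the steps above, as an added example that is not part of the original answer: `update-ca-certificates` also trusts any `.crt` file placed under `/usr/local/share/ca-certificates`, so no dialog selection is needed. The function names are illustrative, and `check_ca_file` is only a structural check (extension, exactly one PEM certificate, no private key), not a parse of the certificate.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Function names are illustrative.

# Directory that update-ca-certificates scans for locally added,
# implicitly trusted *.crt files.
LOCAL_CA_DIR=/usr/local/share/ca-certificates

# Structural pre-flight check: succeeds only for a readable *.crt file that
# holds exactly one PEM certificate and no private key.
check_ca_file() {
    f=$1
    case "$f" in
        *.crt) ;;
        *) echo "$f: name must end in .crt" >&2; return 1 ;;
    esac
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    # The trust store is world-readable, so a key must never land in it.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "$f: contains a private key" >&2; return 1
    fi
    # DER-encoded files have no PEM header; bundles have more than one.
    n=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    if [ "$n" -ne 1 ]; then
        echo "$f: expected exactly one PEM certificate, found $n" >&2; return 1
    fi
    grep -q -e '^-----END CERTIFICATE-----' "$f" || {
        echo "$f: truncated PEM block" >&2; return 1; }
}

# Copy the CA into the local directory and rebuild /etc/ssl/certs.
install_ca() {
    src=$1
    check_ca_file "$src" || return 1
    sudo install -m 0644 "$src" "$LOCAL_CA_DIR/$(basename "$src")" || return 1
    sudo update-ca-certificates
}

# Runs only when called as: ./script install /path/to/ca.crt
if [ "${1:-}" = "install" ] && [ -n "${2:-}" ]; then
    install_ca "$2"
    # Afterwards the question's first command (without -CAfile) should end
    # with "Verify return code: 0 (ok)":
    #   openssl s_client -connect xiedeacc.com:587 -starttls smtp
fi
```

Anything signed by a CA installed this way is trusted by every program on the machine that uses the system store, so keep the CA's private key off the host where possible.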


Author by

user3054879

Updated on September 18, 2022

Comments

  • user3054879 over 1 year

    I used openssl to create a self-signed CA cert on Ubuntu GNOME 16.04, and used this CA cert to sign a cert for postfix and httpd. When using TLS to connect to postfix, the command was:

    openssl s_client -connect xiedeacc.com:587 -starttls smtp
    

    it complains, and it returns:

    verify error:num=21:unable to verify the first certificate
    Verify return code: 21 (unable to verify the first certificate)
    

    but when changing the command to

    openssl s_client -connect xiedeacc.com:587 -starttls smtp -CAfile /etc/ssl/certs/xiedeaccca.crt
    

    the output was all right, no problem, so I guess openssl s_client cannot find this self-signed CA, but Chrome can visit this CA-signed website after I manually import it into Chrome's cert root list. So, how do I import it into Ubuntu's certificate root list and not just Chrome's root cert list? Does Ubuntu store CA certs like Windows?

  • user3054879 over 6 years
    Thanks, that's exactly what I need, but there is still a problem: now my own CA cert is on the reconfigure list, but how do I choose it? I have tried Enter, and pressing M and Y; all failed.
  • Cynplytholowazy over 6 years
    What do you actually mean? Post your terminal output by editing your question.
  • user3054879 over 6 years
    Notice that though my CA cert was on the list, it wasn't chosen. I tried Enter, M and Y to choose it; all failed?
  • Cynplytholowazy over 6 years
    I just edited: Press space to select.