When I run the command openssl s_client -connect www.google.com:443
from a Debian VM, I get the following within the output:
Verify return code: 20 (unable to get local issuer certificate)
What's going on here? I've never had a cert problem with Google, so it's gotta be something with Debian or its OpenSSL library. Debugging other SSL systems is harder when tools like this don't validate systems I know work!
Best Answer
On another Linux distribution I use, the naked -connect verb doesn't actually import the root CA packages installed on the system. To get that, you need to add -CApath /etc/ssl/wherever/, where the path is the location of the root CA certificate bundles.
Without CAPath:
With CAPath:
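
Added example, not part of the original answer: an offline reproduction of verify code 20 that also shows -CApath only takes effect when the directory holds hash-named links to the certificates, not just PEM files. The throwaway CA "Demo Root CA", the leaf "demo.example" and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA ("Demo Root CA") and leaf ("demo.example")
# are generated locally; nothing is fetched from the network.

demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    mkdir "$DEMO_DIR/capath" || return 1
    # Self-signed root, stored as a plain PEM file inside the CApath directory.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$DEMO_DIR/ca.key" -out "$DEMO_DIR/capath/ca.pem" 2>/dev/null || return 1
    # Leaf key and CSR, then a leaf certificate signed by the demo root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$DEMO_DIR/leaf.key" -out "$DEMO_DIR/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$DEMO_DIR/leaf.csr" -CA "$DEMO_DIR/capath/ca.pem" \
        -CAkey "$DEMO_DIR/ca.key" -set_serial 1 -days 1 \
        -out "$DEMO_DIR/leaf.pem" 2>/dev/null || return 1
}

# Echo the verify error number for the leaf (0 when verification succeeds).
verify_code() {
    out=$(openssl verify "$@" "$DEMO_DIR/leaf.pem" 2>&1) || true
    case "$out" in
        *": OK"*) echo 0 ;;
        *) printf '%s\n' "$out" |
               sed -n 's/.*error \([0-9][0-9]*\) at [0-9]* depth.*/\1/p' | head -n 1 ;;
    esac
}

# -CApath looks issuers up by subject-name hash: <hash>.0 -> certificate file.
link_ca() {
    h=$(openssl x509 -noout -hash -in "$DEMO_DIR/capath/ca.pem") || return 1
    ln -s ca.pem "$DEMO_DIR/capath/$h.0"
}

# Echo three verify codes: no store, unhashed CApath, hashed CApath.
run_demo() {
    demo_setup || return 1
    no_store=$(verify_code)                             # issuer not in any store
    unhashed=$(verify_code -CApath "$DEMO_DIR/capath")  # PEM present, no hash link
    link_ca || return 1
    hashed=$(verify_code -CApath "$DEMO_DIR/capath")    # hash link present
    rm -rf "$DEMO_DIR"
    echo "$no_store $unhashed $hashed"
}

run_demo
```

On a real system the distribution's CA directory is normally already hashed, so the second case mostly shows up with hand-built directories.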