$ openssl s_client -connect :443 CONNECTED(00000003) depth=0 /CN= verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN= verify error:num=27:certificate not trusted verify return:1 depth=0 /CN= verify error:num=21:unable to verify the first certificate verify return:1 - Certificate chain 0 s:/CN= i:/DC=com/DC=domain/CN= But let’s say I try to use a self-signed certificate or another cert that’s not trusted… If it’s a trust issue, perhaps the certificate is valid, but it just can’t find the CA or intermediate certificate. # openssl x509 -noout -in pearlin.crt -issuer issuer= /DC=com/DC=DOMAIN/CN=rootserver Now I know which CA this came from, i’ll make sure I use that CA instead of whatever default one it might look at # openssl verify -CApath /etc/pki/tls/ -CAfile rootserver.pem rootserver.crt: OK I can try to use it to connect. The only thing the app tells me is ―Unable to read schema‖ First i’ll verify that my certificate is trusted. I’m trying to use an Active Directory Domain Controller to supply a list of objects for an application running on a Linux machine, and I want to make sure the TLS/SSL is working, is trusted, and has nothing to do with the problem i’m having.
here’s a way to eliminate TLS/SSL from your list of usual suspects.
VIDEO DEVIL KODI 21.1 SSL CERTIFICATE VERIFY ERROR HOW TO
How To Verify SSL Certificate From A Shell Prompt The s_client and s_server options provide a way to launch SSL-enabled command-line clients and servers If you’re trying to configure a service that includes a TLS/SSL handshake and you want to know if the problem you’re experiencing is related to the application, firewall, certificate trust, misconfiguration, etc.