# OpenSSL doesn't find certificate

## coviex

Hi,

I'm having several problems with certificate.

Hoped to install it and use to access myhost in a browser.

Mac users installed it easily. Another guy with gentoo also installed successfully.

But nothing works for me.

Certificate placed in /etc/ssl/certs/myhost.crt. Renamed to myhost.pem.

c_rehash and update-ca-certificates create symlink ok, but certificate doesn't get listed in ca-certificates.crt.

Manually appending certificate to ca-certificates.crt seems not working as well.

Tryied to test it with these resuls:

```

# strace -e trace=file openssl s_client -connect myhost.com:443

execve("/usr/bin/openssl", ["openssl", "s_client", "-connect", "myhost.com:443"], [/* 31 vars */]) = 0

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/usr/lib64/tls/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/tls/x86_64", 0x7fffd664e4a0) = -1 ENOENT (No such file or directory)

open("/usr/lib64/tls/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/tls", 0x7fffd664e4a0)  = -1 ENOENT (No such file or directory)

open("/usr/lib64/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/x86_64", 0x7fffd664e4a0) = -1 ENOENT (No such file or directory)

open("/usr/lib64/libssl.so.1.0.0", O_RDONLY) = 3

open("/usr/lib64/libcrypto.so.1.0.0", O_RDONLY) = 3

open("/usr/lib64/libc.so.6", O_RDONLY)  = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

open("/lib64/libc.so.6", O_RDONLY)      = 3

open("/lib64/libdl.so.2", O_RDONLY)     = 3

open("/lib64/libz.so.1", O_RDONLY)      = 3

open("/etc/ssl/openssl.cnf", O_RDONLY)  = 3

open("/proc/meminfo", O_RDONLY)         = 3

stat("/root/.rnd", 0x7fffd664e2f0)      = -1 ENOENT (No such file or directory)

open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3

open("/etc/resolv.conf", O_RDONLY)      = 3

stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=174, ...}) = 0

open("/etc/resolv.conf", O_RDONLY)      = 3

open("/etc/nsswitch.conf", O_RDONLY)    = 3

open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

open("/lib64/libnss_files.so.2", O_RDONLY) = 3

open("/etc/host.conf", O_RDONLY)        = 3

open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3

open("/usr/lib64/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

open("/lib64/libnss_dns.so.2", O_RDONLY) = 3

open("/lib64/libresolv.so.2", O_RDONLY) = 3

CONNECTED(00000003)

...

    Verify return code: 21 (unable to verify the first certificate)

---

read:errno=0

```

```

# strace -e trace=file openssl s_client -CAfile /etc/ssl/certs/myhost.pem -connect myhost.com:443

execve("/usr/bin/openssl", ["openssl", "s_client", "-CAfile", "/etc/ssl/certs/myhost.pem", "-connect", "myhost.com:443"], [/* 31 vars */]) = 0

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/usr/lib64/tls/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/tls/x86_64", 0x7fffdcd2f710) = -1 ENOENT (No such file or directory)

open("/usr/lib64/tls/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/tls", 0x7fffdcd2f710)  = -1 ENOENT (No such file or directory)

open("/usr/lib64/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/x86_64", 0x7fffdcd2f710) = -1 ENOENT (No such file or directory)

open("/usr/lib64/libssl.so.1.0.0", O_RDONLY) = 3

open("/usr/lib64/libcrypto.so.1.0.0", O_RDONLY) = 3

open("/usr/lib64/libc.so.6", O_RDONLY)  = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

open("/lib64/libc.so.6", O_RDONLY)      = 3

open("/lib64/libdl.so.2", O_RDONLY)     = 3

open("/lib64/libz.so.1", O_RDONLY)      = 3

open("/etc/ssl/openssl.cnf", O_RDONLY)  = 3

open("/proc/meminfo", O_RDONLY)         = 3

stat("/root/.rnd", 0x7fffdcd2f560)      = -1 ENOENT (No such file or directory)

open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3

open("/etc/ssl/certs/myhost.pem", O_RDONLY) = 3

open("/etc/ssl/cert.pem", O_RDONLY)     = -1 ENOENT (No such file or directory)

open("/etc/resolv.conf", O_RDONLY)      = 3

stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=174, ...}) = 0

open("/etc/resolv.conf", O_RDONLY)      = 3

open("/etc/nsswitch.conf", O_RDONLY)    = 3

open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

open("/lib64/libnss_files.so.2", O_RDONLY) = 3

open("/etc/host.conf", O_RDONLY)        = 3

open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3

open("/usr/lib64/libnss_dns.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

open("/lib64/libnss_dns.so.2", O_RDONLY) = 3

open("/lib64/libresolv.so.2", O_RDONLY) = 3

CONNECTED(00000003)

...

    Verify return code: 0 (ok)

---

```

Any ideas?

Thanks

----------

