22.1 Legacy Series / ddclient certificate verify failed
« on: April 28, 2022, 01:17:26 am »
After switching from os-dyndns to os-ddclient (v1.5 shipped with OPNsense 22.1.8), dyndns updates fail:
92372 - [meta sequenceId="4"] WARNING: cannot connect to [xxxx].contaboserver.net:443 socket: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
The server uses a certificate issued by my own CA. The CA certificate was successfully imported in System->Trust->Authorities.
Access to the WebUI using a cert issued by this CA works just fine.
openssl s_client -tls1_2 -connect <dyndnshost:443>
on OPNsense shows verification ok and the correct certificate.
My conclusion is that ddclient does not use OpenSSL's default CA cert store.
Any idea how to add an additional root CA?
Hard to believe that trusted CAs are hard coded in ddclient...