Code: Select all
# su - zimbra
% cd mail.example.com
% openssl verify -show_chain -purpose sslserver -CAfile ca.cer.real mail.example.com.cer
mail.example.com.cer: OK
Chain:
depth=0: CN = mail.example.com (untrusted)
depth=1: C = US, O = Let's Encrypt, CN = R3
depth=2: C = US, O = Internet Security Research Group, CN = ISRG Root X1
Code: Select all
# su - zimbra
% cd mail.example.com
% zmcertmgr verifycrt comm mail.example.com.key mail.example.com.cer ca.cer.real -d 2
It does that verify of the chain with the openssl example shown above but without the -show_chain option I believe.
PS... if you are certain that you have a valid certificate that won't verify, you can always do this: viewtopic.php?f=15&t=69600#p301459
Jim