views:

94

answers:

0

A mail server uses a TLS cert without root cert, and my mail client cannot add it into the trust list. I ask the webmaster but he does not want to fix this.

So, can I add a fake root cert to this cert so that I can add it to the trust zone?

openssl s_client -connect x.x.x.x:995 -showcerts

CONNECTED(00000003)
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.xxx.xxx.xxx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.xxx.xxx.xxx
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.xxx.xxx.xxx
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.xxx.xxx.xxx
   i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.xxx.xxx.xxx