So this is what I see as the CA cert name:
That was the name of the certificate that I had imported after I did the -showcerts in my second try above. I listed the certs in the keystore by doing this:
$JAVA_HOME/bin/keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
I see the CA certificate in there.
To make sure that openssl is using the keystore that I’m using with the server, I’m using the -CAfile argument:
openssl s_client -connect the.server.edu:3269 -CAfile $JAVA_HOME/jre/lib/security/cacerts
Knowing that the Java keystore for CAs has a password, I tried using the -pass pass:password option like this:
openssl s_client -connect the.server.edu:3269 -CAfile $JAVA_HOME/jre/lib/security/cacerts -pass pass:changeit
but that didn’t work either.
What’s funny about that is that the cacerts file has a password on it and openssl isn’t complaining that it can’t read the cacerts file. That seems fishy to me. Does that or anything else ring a bell?
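A format check for the file passed to -CAfile, as an added example that is not part of the original post: openssl's -CAfile option reads PEM-encoded certificates, while a Java cacerts file is a binary keystore. The function names, the sample files and the `<alias>` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a trust-store file by its leading bytes.
# `openssl s_client -CAfile` expects PEM text; Java keystores are binary.

truststore_format() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 1; }
    # PEM is text: look for a certificate armor line anywhere in the file.
    if grep -q -e '-----BEGIN .*CERTIFICATE-----' "$f" 2>/dev/null; then
        echo pem
        return 0
    fi
    # Otherwise compare the first four bytes, rendered as hex.
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case $magic in
        feedfeed) echo jks ;;      # JKS keystore magic number
        cececece) echo jceks ;;    # JCEKS keystore magic number
        30*)      echo der ;;      # ASN.1 SEQUENCE: PKCS#12 store or DER cert
        *)        echo unknown ;;
    esac
}

# True only when the file can be handed to -CAfile as it is.
usable_as_cafile() {
    [ "$(truststore_format "$1")" = pem ]
}

# Constructed sample files (not real keystores or certificates).
demo_dir=$(mktemp -d)
printf '\376\355\376\355\000\000\000\002' > "$demo_dir/cacerts"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/ca.pem"

for f in "$demo_dir/cacerts" "$demo_dir/ca.pem"; do
    if usable_as_cafile "$f"; then
        echo "$f: pem, usable with -CAfile"
    else
        echo "$f: $(truststore_format "$f"), export the CA to PEM first"
    fi
done
rm -rf "$demo_dir"

# For a keystore, export the CA in PEM and point openssl at that file
# (<alias> is a placeholder for the entry name shown by keytool -list):
#   keytool -exportcert -rfc -alias <alias> -file ca.pem \
#       -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit
#   openssl s_client -connect the.server.edu:3269 -CAfile ca.pem
```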