On Tue, May 03, 2016, Graham Leggett wrote: > Hi all, > > I am trying to use ???openssl verify??? as a sanity check to determine > whether a set of certificates are sane and valid in a script that issues (or > reissues) the certificates, and I???m struggling with the output of the > ???openssl verify??? command. > > This is output I get while verifying three certificates in a chain: > > minfrin@localhost:~$ openssl verify -issuer_checks -trusted root-ca.crt > -untrusted intermediate.crt cert.crt > Is there a way to suppress these spurious messages so I only see actual > errors? >
Don't use -issuer_checks: it prints debugging information about certificates rejected during the verify process and it is quite normal for you to get that kind of output. Since this option is often the cause of confusion it has been removed from OpenSSL 1.1.0. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
