On 18.05.2016 21:10, Viktor Dukhovni wrote:
On May 18, 2016, at 1:26 PM, Walter H.<walte...@mathemainzel.info>  wrote:

openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt -trusted_first 
-untrusted /tmp/chain.pem /tmp/cert.pem

/tmp/chain.pem contains a root certificate
/tmp/cert.pem contains a certificate that was signed by this root certificate;

I get the following output

/tmp/cert.pem: CN = ..., O = ..., ST = ..., C = ...
error 19 at 1 depth lookup:self signed certificate in certificate chain

of couse the number 19 means 'self signed certificate in certificate chain'
as shown here: https://www.openssl.org/docs/manmaster/apps/verify.html

but what does the number 1 (at ... depth) say?
It means that while constructing a chain, the immediate issue of the
leaf certificate was an untrusted self-signed certificate.  The leaf
certificate has depth 1, its issuer has depth 0.

Ah, ok; in case there had been a chain with 3 certificates
2 means the leaf certificate, 1 means the issuing intermediate and 0 means the self signed root?

Thanks,
Walter


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to