Hi Michael & opensslers, > So: either there's more than one certificate in cacert-2016-11-02.pem, or OpenSSL on the PC is searching its default CA certificate directory in addition to cacert-2016-11-02.pem. Since we don't know what's > actually in cacert-2016-11-02.pem, we can't provide much further help.
It seems there are many certificates in the cacert-2016-11-02.pem. A lot. ---------------------cacert-2016-11-02.pem------------ GlobalSign Root CA ================== -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- GlobalSign Root CA - R2 ======================= -----BEGIN CERTIFICATE----- .. -----END CERTIFICATE----- Verisign Class 3 Public Primary Certification Authority - G3 ============================================================ -----BEGIN CERTIFICATE----- .... -----END CERTIFICATE----- Entrust.net Premium 2048 Secure Server CA ========================================= -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- Baltimore CyberTrust Root ========================= -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ......so on........... -------------------------------------------------------------- > Note that if there are multiple certificates in cacert-2016-11-02.pem, you'll have to split them up into separate files and create the correct hash link for each one, if you want to use a certificate directory. Should I need to do this? >"< Because other people(in the internet) used this pem file, have no problem. They didn't separate it. And there are so many certificates. And is this step right ? 1. /tmp # ./openssl x509 -hash -fingerprint -noout -in /home/georgeyang/workspace/speech_code/openssl/openssl/final /certs/cacert-2016-11-02.pem 5ad8a5d6 SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52: A4:1D:82:9C 2. /etc/ssl/certs # ln -s /home/georgeyang/workspace/spe ech_code/openssl/openssl/final/certs/cacert-2016-11-02.pem 5ad8a5d6.0 I will split them like this later. > Did you actually capture that, or did you retype it? Because it's not valid openssl x509 output. Note that it doesn't match what you reported from the PC: In the paltform, the openssl version is 1.1.0c. And in my PC, the openssl version is 1.0.1f. Today, I have rebuild the openssl1.0.1f for my paltform again. Although it was still NG. And the log is the same as the PC now: /tmp # ./openssl x509 -subject -noout -in /home/georgeyang/workspace/ speech_code /openssl/final/openssl/certs/cacert-2016-11-02.pem subject= /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /tmp # Thank you very much
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users