Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Viktor Dukhovni
> On May 3, 2018, at 3:06 AM, Anil kumar Reddy > wrote: > > The issue is: > I am unable to find out the exact command lines or c/c++ program functions to > prove the SignedCertificate.pem is signed or not. I have spent more than one > day on researching, but I

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of morthalan > Sent: Thursday, May 03, 2018 05:51 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] How to prove a Certificate is Signed or not > > But In my case, I do not have any root certificate. I have

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread morthalan
I got two Ideas. I can verify the certificate by comparing the issuer name char *s = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *i = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); int rc = strcmp(s, i); verifying with public key EVP_PKEY *caPubkey =

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Felipe Gasper
You could: - Check subject and issuer for sameness. - Verify the signature with the certificate’s own key. A positive verification indicates self-signed. > On May 3, 2018, at 7:18 AM, Salz, Rich via openssl-users > wrote: > > > > On 5/3/18, 4:24 AM, "morthalan"

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Salz, Rich via openssl-users
>After the generation of SignedCertificate.pem. I would like to write function to verify the SignedCertificate.pem, whether it is signed or not. That is still not an accurate description. By definition, a certificate is *signed data.* It appears as a bitstring in the X509 data

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread morthalan
Sorry for the insufficient explanation on what I did. I have implemented one c++ code(csrReq.cpp) to generate certificate signing request(certReq.pem) along with private key(csrPkey.pem). Another c++ code (signcode.cpp)is to read the user data from certReq.pem and generate the Signed

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Salz, Rich via openssl-users
On 5/3/18, 4:24 AM, "morthalan" wrote: No, technically not. I am just searching for a simple method just to check a certificate is signed by CA or not. Because. Something like signing check, I am not quite sure, I do not have proper knowledge on

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread J Decker
a root cert is the self signed cert. On Thu, May 3, 2018 at 2:50 AM, morthalan wrote: > But In my case, I do not have any root certificate. I have only one signed > certificate (SignedCertificate.pem) and one certificate signing request > (certReq.pem) . So when I

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread morthalan
But In my case, I do not have any root certificate. I have only one signed certificate (SignedCertificate.pem) and one certificate signing request (certReq.pem) . So when I use it as below openssl verify -CAfile SignedCertificate.pem SignedCertificate.pem I am getting error "error 20 at 0 depth

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Richard Levitte
openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem Hope that helped Cheers, Richard In message <1525335799770-0.p...@n7.nabble.com> on Thu, 3 May 2018 01:23:19 -0700 (MST), morthalan said: morthalaanilreddy> No, technically not. I am just searching for

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread J Decker
Or using the javascript interface https://www.npmjs.com/package/sack.vfs#interface https://github.com/d3x0r/sack.vfs/blob/master/tests/tlsTest.js#L28 if( vfs.TLS.validate( {cert:signedCert3, chain:signedCert2+cert} ) ) console.log( "Chain is valid." ); On Thu, May 3, 2018 at 12:36 AM, J

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread morthalan
No, technically not. I am just searching for a simple method just to check a certificate is signed by CA or not. Because. Something like signing check, I am not quite sure, I do not have proper knowledge on Openssl. d3x0r wrote >

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread J Decker
https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 this routine does cert validation but I don't thkn that's what you want this verified on a connection https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 which boils down to

[openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread Anil kumar Reddy
Hi everyone, I am new to opennssl and now I am completely confused. Please help me out to solve my issue. I have implemented a code to sign the given CSR certificate (certReq.pem), then generate openssl signed Certificate (SignedCertificate.pem) using the details of certReq,pem. The code is