can see :
error:0906D06C:PEM routines:PEM_read_bio:no start line
But this error happens everytime (even when it works), so, I dont think it's
related.
Any idea ?
Thanks
--
View this message in context:
http://old.nabble.com/OpenSSL-verify-fails-tp31008774p31008774.html
Sent from the OpenSSL
Bruce Stephens wrote:
Bruce Stephens bruce.steph...@isode.com writes:
Dr. Stephen Henson st...@openssl.org writes:
[...]
Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected
error here.
No, it's Debian's 0.9.8o-2.
Ah, my fault. Obvious in retrospect: Debian's
On Tue, Nov 09, 2010 at 01:45:15PM +, Bruce Stephens wrote:
Michael Str??der mich...@stroeder.com writes:
Bruce Stephens wrote:
[...]
Ah, my fault. Obvious in retrospect: Debian's openssl finds the root
cert because it's in the ca-certificates package!
Did you use -CAfile
Michael Ströder mich...@stroeder.com writes:
Bruce Stephens wrote:
[...]
Ah, my fault. Obvious in retrospect: Debian's openssl finds the root
cert because it's in the ca-certificates package!
Did you use -CAfile as in my original posting when testing?
I did.
Doesn't -CAfile set
HI!
I'm feeling dumb since this simple command fails and I cannot see why:
$ openssl verify -CAfile rootcacert.pem subcacert.pem
subcacert.pem: C = DE, O = SCA Deutsche Post Com GmbH, CN = Signtrust CERT
Root CA 1:PN
error 2 at 1 depth lookup:unable to get issuer certificate
I've attached the
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Michael Ströder
Sent: Wednesday, November 03, 2010 12:23 PM
To: openssl-users@openssl.org
Subject: openssl verify fails
HI
Erik Tkal et...@juniper.net writes:
Hi Michael,
Your rootcacert is not a root cert, as it was issued by C=US,
ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication
and Email. You need to append that cert as well to your
...@openssl.org]
On Behalf Of Bruce Stephens
Sent: Wednesday, November 03, 2010 12:59 PM
To: openssl-users@openssl.org
Subject: Re: openssl verify fails
Erik Tkal et...@juniper.net writes:
Hi Michael,
Your rootcacert is not a root cert, as it was issued by C=US,
ST=UT, L=Salt Lake City, O
On Wed, Nov 03, 2010, Bruce Stephens wrote:
Erik Tkal et...@juniper.net writes:
Hi Michael,
Your rootcacert is not a root cert, as it was issued by C=US,
ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication
and Email.
Erik Tkal wrote:
Your rootcacert is not a root cert, as it was issued by C=US, ST=UT,
L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com,
CN=UTN-USERFirst-Client Authentication and Email. You need to append that
cert as well to your CAfile.
Shouldn't it be possible to
Erik Tkal et...@juniper.net writes:
Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say It is
an error if the whole chain cannot be built up.
Maybe, but I think it's just as reasonable to regard it as a bug in the
docs.
I think it's useful for verify to be able to verify chains
Bruce Stephens wrote:
Erik Tkal et...@juniper.net writes:
Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say It is
an error if the whole chain cannot be built up.
Maybe, but I think it's just as reasonable to regard it as a bug in the
docs.
I think it's useful for verify to
Dr. Stephen Henson st...@openssl.org writes:
[...]
Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected
error here.
No, it's Debian's 0.9.8o-2.
[...]
__
OpenSSL Project
13 matches
Mail list logo