Yes. OpenSSL needs to have the full chain of certificates. You can use the -CAfile <file> option for adding trusted certs to the verification process. You might then get the error for the root CA saying that it is a self-signed cert :D That will be ok... :D
Later, Max On 11/13/2009 07:26 PM, blain...@gdls.com wrote:
Hi max Getting back to something you said earlier in the thread about the error that isn't an error. If you see my openssl command I'm using -issuer parameter. So doesn't this tell openssl who the issuer is? This a subca so does this -issuer parameter require a concat of ca certs that make up the chain?
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
project.mana...@openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
