mariano Jess wrote:
>
> Hi.
>
> I generate a s/mime with:
>
> openssl smime -sign -in texto.txt -text -out mensaje.msg -signer
> certificate.crt -inkey privatekey.key
>
> And it's all ok
>
> when a try verify this file (mensaje.msg) with:
>
> openssl smime -verify -in mensaje.msg -out signedtxt.txt -signer
> certificate.crt
>
> An error occurs with the message:
>
> 523:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
> error:.\crypto\pkcs7\pk7_smime.c:205:Verify error:unable to get local
> issuer certificate.
>
> My certificate is generated with openssl and it's signed with my own CA.
> That certificates had been working correctly both in all test and
> applicattions made until now.
>
> Somebody knows what am I doing bad?.
>
You need to include the path to your CA certificate in the verify
command using either -CApath or -CAfile . If you have more than two
certificates in the chain then you need to include the intermediate
certificates in the sign operation using the -certfile command.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
