Hi, Yes if I place the CA file in the root directory i.e. where openssl is present, it verifies. If I place in some dir it won't.
Thanks for the help Regards, Wahaj ----- Original Message ----- From: "Olaf Gellert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 09, 2004 12:00 PM Subject: Re: Fw: Failing in Verifying CRL > Wahaj wrote: > > > I am using OpenSSL 0.9.7d and using the following command to verify a > > CRL but failing. Why is it failing ? > > > > OpenSSL> crl -inform DER -in crl/mycrl-2mb.crl -CApath crl > > > > *Note: crl is a dir where TestCA.cer file is present. mycrl-2mb.crl file > > is present in the same directory.* > > Would be helpful if you submitted the error message > that OpenSSL gives you. I would guess that it is > not able to find the CA certificate. Try the option > -CAfile instead (or make sure that in the directory > is a symbolic link to the certificate, generated > by the utility chash). > > It may be (I am not sure about that) that the > CA-certificate needs to be in pem-format. You can > always convert the certificate using: > > openssl x509 -inform DER -in TestCA.cer -outform PEM -out TestCA.pem > > So then this should work: > > openssl crl -inform DER -in crl/mycl-2mb.crl -CAfile crl/TestCA.pem > > Does this help? > > Cheers, > Olaf > > -- > Dipl.Inform. Olaf Gellert PRESECURE (R) > Consultant, Consulting GmbH > Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] > > A daily view on Internet Attacks > https://www.ecsirt.net/sensornet > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
