Davy Durham wrote: Hello Davy,
Can openssl be given an SSL cert and a list of trusted root CAs' certs and it just output the root CA's cert that goes with (signed) that SSL cert?
This is not implemented in the openssl command. With some own programming it would be possible.
Or is it a matter of doing an openssl command that would tell you a fingerprint of the issuer's key/cert from the SSL cert, then another command to find that fingerprint in a list of other certs?
If the certificate has the appropriate extension it would be able the get the issuer key fingerprint from it. But primary certificates (and with that issuer certificates) are identified by the DN. Fetching a certificate with its fingerprint is something you would have to do in an own program. Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
