Frédéric Donnat wrote:
Hi,
Sorry for the mistake (nothing to deal with openssl.cnf file). I was just
looking for ca.txt file.
Is it normal behavior of openssl to be able to view a certificate without
serial number using (without any error mentioned):
openssl x509 -in some_cert_without_sn.pem -text
But to be unable to verify it using:
openssl verify -CAfile some_cert_without_sn.pem some_cert_without_sn.pem
Sample: (attached self-sign cert name pipo-bad.pem)
hmm, the attached certificate as has a serial number it's 0x0
[EMAIL PROTECTED] simple]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib
/usr/local/ossl-0.9.8/bin/openssl verify -verbose -CAfile pipo-bad.pem
pipo-bad.pem
pipo-bad.pem: /C=UK/CN=OpenSSL Group
error 7 at 0 depth lookup:certificate signature failure
18588:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:218:
18588:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:168:
well the signature really seems to be wrong. How did you create
the certificate ?
Cheers,
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
