Thank you Ted! However, when I c_rehash the directory which contains both ca.crt and server.crt, there seems to be no response. As a result no hash.0 file is generated.
[EMAIL PROTECTED] tools]# ./c_rehash /path/to/certs/ Doing /path/to/certs/ [EMAIL PROTECTED] tools]# ls /path/to/certs/ ca.crt server.crt I do not know why. Thanks! 2007/4/13, Bernhard Froehlich <[EMAIL PROTECTED]>:
Buffalo Dickens schrieb: > Dear all, I encountered a strange problem. I generated self-signed > certificates and want to test whether they work OK. > > [EMAIL PROTECTED] openssl verify -verbose -purpose sslclient -CApath > /path/to/CA/ /path/to/cert.crt > /path/to/cert.crt: /C=US/ST=America/L=CA/O=UC/OU=CS/CN=www.abc.org > error 20 at 0 depth lookup:unable to get local issuer certificate > > [EMAIL PROTECTED] openssl verify -verbose -purpose sslclient -CAfile > /path/to/CA/ca.crt /path/to/cert.crt > /var/cosign/certs/cosignserver.crt: OK > > I am not at all familiar with openssl and certificate. Please help me! > Any suggestion is welcome! Quoted from http://www.openssl.org/docs/apps/verify.html: ** -CApath directory** A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this form (``hash'' is the hashed certificate subject name: see the *-hash* option of the *x509* utility). Under Unix the *c_rehash* script will automatically create symbolic links to a directory of certificates. I'd assume the names of the certificate files are not according to the requirements of CAparh... Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
-- You will when you BELIEVE. Buffalo Dickens ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
