Hello guys I have created three certificates: a root CA cert, a subRoot CA cert and one client cert using M2Crypto. When I try to verify the trust chain I receive 'unable to get issuer certificate'
This are the steps I walked: # my certificates $ ls *.crt client.crt rootCA.crt subRootCA.crt # so far so good $ openssl verify -CAfile rootCA.crt subRootCA.crt subRootCA.crt: OK # this fails $ openssl verify -CAfile subRootCA.crt client.crt client.crt: /C=CH/ST=Zurich/L=Zurich City/O=Test CA/CN=Test Sub Certification Authority/OU=Information Technology/[email protected] error 2 at 1 depth lookup:unable to get issuer certificate # this one fails too $ openssl verify -CAfile rootCA.crt client.crt client.crt: /C=CH/ST=ZH/L=Zurich/O=My Company Inc./CN=webca.mycompany.com/OU=Information Technology/[email protected] error 20 at 0 depth lookup:unable to get local issuer certificate Can someone please shed some light on this? This are the test-certificates I have been using. $ cat rootCA.crt -----BEGIN CERTIFICATE----- MIIEWTCCA0GgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMCQ0gx DzANBgNVBAgTBlp1cmljaDEUMBIGA1UEBxMLWnVyaWNoIENpdHkxEDAOBgNVBAoT B1Rlc3QgQ0ExJTAjBgNVBAMTHFRlc3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx HzAdBgNVBAsTFkluZm9ybWF0aW9uIFRlY2hub2xvZ3kxHzAdBgkqhkiG9w0BCQEW EGNvbnRhY3RAdGVzdC5jb20wHhcNMDkwODE4MTgyMjQzWhcNMTAwODE4MTgyMjQz WjCBrzELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEUMBIGA1UEBxMLWnVy aWNoIENpdHkxEDAOBgNVBAoTB1Rlc3QgQ0ExJTAjBgNVBAMTHFRlc3QgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAsTFkluZm9ybWF0aW9uIFRlY2hub2xv Z3kxHzAdBgkqhkiG9w0BCQEWEGNvbnRhY3RAdGVzdC5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC94n8exsNuvQKZXs1HVNgjRfwCZX0cQtQRytXE 5igqIby59zzNyfb3TiREN9SuHunQ5B/vXJjSQeqBfjxsFEqUYQ3ElOEmi6GNXaJk lVVJ0WWzNinLUgZHXOE2EZmwucHYQY1o7BQICIXuyatX9Drj0NkAuNGumsvxi4Nq 6Svxv61IGINhbEOO+ZyaPEu3ihCANEhUPKx44FMjKlEU5GEZyIekFhjn0uYsiB2h 1CcJgPfOXng6hyCJE4Eo/pwvVNUaovkKc31a8nk8FMGNZ7kc7i50GlkpVWeAyCvL FyTBnE+JsdLu2mh6c2XgjDvMKF+Hmy1PVkDCoXZ7sP52haHbAgMBAAGjfjB8MAwG A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8v d2ViY2EuZG9tYWluLmNvbS9yb290LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAg08/ mpOTAB4fDrGzgOB5qG/oxRmEhlVhyuQUdQAW9vMAY1OSFuLS2QcMZsFq1wQWa7Rt wyOUVvBVVGl8xmk4FQmHlWlkLjg3jaE0NuDR22YGoP0k4BCwdfn9v3ohWGzr/INI UHXUhKuZGF+MGqYtxvdZvQ8ufvUolrTlqpVaiWcKqszhz7xNwtwNZ+sKsiK7IuBA ByI+PI7aYIff4qqTeCWcokvJ1B9amaKHE61QiT6Ham/N2kIdY71KmSarT4M4V71+ FjXB8EJg6VXGdkdybbTkVHHQvB4H16wfqwOqTVscVRgg8yOoI1NXMi0t9sr64AYc zH4a8dfRAfwekpUtDQ== -----END CERTIFICATE----- $ cat subRootCA.crt -----BEGIN CERTIFICATE----- MIIEYTCCA0mgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMCQ0gx DzANBgNVBAgTBlp1cmljaDEUMBIGA1UEBxMLWnVyaWNoIENpdHkxEDAOBgNVBAoT B1Rlc3QgQ0ExJTAjBgNVBAMTHFRlc3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx HzAdBgNVBAsTFkluZm9ybWF0aW9uIFRlY2hub2xvZ3kxHzAdBgkqhkiG9w0BCQEW EGNvbnRhY3RAdGVzdC5jb20wHhcNMDkwODE4MTgyMjQ0WhcNMTAwODE4MTgyMjQ0 WjCBszELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEUMBIGA1UEBxMLWnVy aWNoIENpdHkxEDAOBgNVBAoTB1Rlc3QgQ0ExKTAnBgNVBAMTIFRlc3QgU3ViIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNo bm9sb2d5MR8wHQYJKoZIhvcNAQkBFhBjb250YWN0QHRlc3QuY29tMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BNZqYH7fGISW2+w1X1XeznqsN1hhyvC 3DX1Ef+bNIIxS52EKZ6Dtr+AjRS76D18X/+Z/04iL7wIB2VaAEYHv9YGJVacp/ic 5jDltPqFaktSsiUBvoUyOevL1wwly/zNFj/tpOlqw5UCBO4xR/OVDZ3zwMxrG1ty 99J1vUZU6E+37cdGfAA7VYx6c2hU0gnB2lG3JS5vkYcQoRdeTB065M1rS/NEvQvO 381mzn6Q6y6t1TOS55eyB5Z87eTNl06wSwmMf61cx6R3T4fPVeMo7Ci8nDnMad0O cS5daZz3tpF3zFyFtfVUYJEHdw0i8xuNs7xcA/BqiqyyZSD1A0sOWwIDAQABo4GB MH8wDwYDVR0TBAgwBgEB/wIBBTALBgNVHQ8EBAMCAQYwLAYJYIZIAYb4QgENBB8W HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMDEGA1UdHwQqMCgwJqAkoCKG IGh0dHA6Ly93ZWJjYS5kb21haW4uY29tL3Jvb3QuY3JsMA0GCSqGSIb3DQEBBQUA A4IBAQBfhkmsBVCrjiXkM5NqQZMjmRxMARpI0G3xO7LBAiAgxmQ2YJzbeY8AsvnC cjCL37LV4T26RJpiCrC8jjBCg4tkXEsodNXmhRJTVbkiAtbyHggWsJDi2+r5SELk VCxPEGLBFBqF8ebsChl7BRqdkYfwqbSCByxkaUin67Qu2+kmozCGshk5I6l+OUop mGyRgHTwIifAYcfifEiLGDpeyY5TezF1Z8fDWh1+AWm2ZFMPAu/sfOCsRmqF94Dq FEmTND09StozUlYfHo4ituXlZ/kigWLyfzTTUH1Xl+q2iHP/4WDCbODrNv1VeHQH X4m45I7MKpYcCg4tvw7G8mmW6zu9 -----END CERTIFICATE----- $ cat client.crt -----BEGIN CERTIFICATE----- MIIEWzCCA0OgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBszELMAkGA1UEBhMCQ0gx DzANBgNVBAgTBlp1cmljaDEUMBIGA1UEBxMLWnVyaWNoIENpdHkxEDAOBgNVBAoT B1Rlc3QgQ0ExKTAnBgNVBAMTIFRlc3QgU3ViIENlcnRpZmljYXRpb24gQXV0aG9y aXR5MR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MR8wHQYJKoZIhvcN AQkBFhBjb250YWN0QHRlc3QuY29tMB4XDTA5MDgxODE4MjI0NFoXDTEwMDgxODE4 MjI0NFowgbAxCzAJBgNVBAYTAkNIMQswCQYDVQQIEwJaSDEPMA0GA1UEBxMGWnVy aWNoMRgwFgYDVQQKEw9NeSBDb21wYW55IEluYy4xHDAaBgNVBAMTE3dlYmNhLm15 Y29tcGFueS5jb20xHzAdBgNVBAsTFkluZm9ybWF0aW9uIFRlY2hub2xvZ3kxKjAo BgkqhkiG9w0BCQEWG21hdHRoaWFzLmd1ZW50ZXJ0QGdtYWlsLmNvbTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRQgcoGvEoXex5i1vuuiNBsdz1kEi1/ CR5qv/M4RCF00HJ4/FM9IdwtEqguDgFNSxw2/SDpoMlFEGnzcQysv1ya0/1/ahph tOGHgrLUrtQ8zwITIK7GLooOTsNf+xGpGLknX8+WSkuusOWPZdUP9nU1fGQ3B2b9 TnFjRipmBznTS+Gpi8PCwbH1LBc6caU+w/s8YJ9Ey6wFNRLG/iZBUNzonDGqLsTP 5Jb0scgDFvRksV7HOeLM2o1LmTb/OETkwEQ9sStsA1t8Wn8BwYSV6jalX3b6CZL6 tTnEubNVN8+zQKnDxH13oL9o6qfNUVg7mOgiH/D474BVgci+9wEBbPkCAwEAAaN7 MHkwCQYDVR0TBAIwADALBgNVHQ8EBAMCAQYwLAYJYIZIAYb4QgENBB8WHU9wZW5T U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6 Ly93ZWJjYS5kb21haW4uY29tL3Jvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCk wU/P3KSfRdq1zZcBI7db8bFG+YSiyEjIujbaHQ4YSnbbi7soElVth194D6B+IqNz ZAmPyrnNIUlo8o2+32hnDgTY3Qgs+55eevuL9U7eAYscQ67BhhfwmUObJott2IKG oBh5cEdvu7/33fP+fGQZE7mW3qwTLvaBZwB4M1aKbTEzwqaNBFDUoks3pCw3ddZR giQk40arAvTtAlHr9wZqx6rNcHDshMU5HBeQlEZDH5wQokyJ8rQRIdAtu2NXe18f y/I5f5xHL9cL9RwudoynQq/SNcBemB05S+40iYAylDgMyHcOyTzKjdVzmE2Mo2SG 3RpjG62XLal52Dl6nznj -----END CERTIFICATE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
