Hi, Hmm...
I've had the same issue. Basically it came down to "how do you know if the sub is reliable if you do not know whether to trust the root?" If you do not wish to have the root as part of the chain, create a new chain where the sub is the root What is the reason you do not want to use the root in the chain check, but it should be part of the chain? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng Du)<ben.1....@nsn.com> wrote: > Hi, > > It there a way to verify certificate with out root ca? I have 4 certificate: > rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. > cert1.pem & cert2.pem was signed by subca.pem. I was supposed to configure > the client and server using subca.pem as ca, and cert1.pem & cert2.pem as > certificate. It seem that openssl still try to find rootca.pem to verfiy > subca.pem when handshake. But I don't what root.pem can bo accessed for > keeping it safe. So It there a way to verify certificate with out root ca, > only using sub ca and certificate signed by sub ca? Thanks. > > Br > > Ben ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
