Bonjour, Hodie post. Kal. Sep. MMX, John Doe scripsit: > I have some issues with chained certificates. > I am trying to verify my certificate with the intermediate certificate of my > registrar... > > my.crt: > Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA > Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=my.site.com > > gandi.crt: > Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, > OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware > Subject: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA > > # openssl verify -CAfile gandi.crt my.crt > my.crt: /C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA > error 2 at 1 depth lookup:unable to get issuer certificate
It wants to check the issuer's certificate of Gandi. You can find it in your browser, or maybe in a decently installed Ubuntu/Debian, in /etc/ssl/certs directory (UTN_USERFirst_Hardware_Root_CA.pem on my machine). -- Erwann ABALEA <erwann.aba...@keynectis.com> Département R&D KEYNECTIS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
