Erik Tkal wrote: > Your "rootcacert" is not a root cert, as it was issued by "C=US, ST=UT, > L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, > CN=UTN-USERFirst-Client Authentication and Email". You need to append that > cert as well to your CAfile.
Shouldn't it be possible to mark every cert in the chain as trusted root and therefore path building should stop there? Also what's the magic behind these ASCII armor lines generated with openssl x509 -trustout ? -----BEGIN TRUSTED CERTIFICATE----- -----END TRUSTED CERTIFICATE----- Does that have any effect? Ciao, Michael. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org