>       From: owner-openssl-us...@openssl.org On Behalf Of James Chase
>       Sent: Monday, 25 April, 2011 11:02

> I did run the verification, and didn't have an issue there.
> Still am not able to figure out how to correctly create this
> as the only way the p12 compiles is by dropping the "-chain" command
> but that creates SSL verification warnings in Firefox web browsers.

>       openssl req -verify -in www.example.com.csr -key www.example.com.key

Verifying the request is irrelevant. Verify the *cert* you are 
putting in the p12 against the (remaining) chain you are putting 
in the p12. If that succeeds, the p12 should work also.
If it fails, it should give more specific error information.

  openssl verify -CAfile chain.crt my.cert.crt 

IF you have installed some 'common' or 'standard' CAs in your 
system's default truststore -- or if you're using a packaged 
build that does so for you -- turn that off to make sure it 
doesn't silently 'fill in' certs for you, something like:

  openssl verify -CAfile chain.crt -CApath /dev/null my.cert.crt 



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org