Someone suggested it would be helpful to post the chain file and the site's public certificate to the list. If it is helpful, here is the site cert (and below that their supplied chain file)
And the chain file

On Tue, Apr 26, 2011 at 8:19 AM, James Chase <chase1...@gmail.com> wrote:
> Well my results are quite different, and I guess point to my p12 not being
> correctly created. Strangely, the p12 I am running this test on works in
> production and doesn't produce a warning (I re-created last years
> certificate as a new p12 using the same process I am trying with this
> years).
>
> I also tried running this on my test apache site, where I am just using the
> plain old certificate, key and network solutions supplied chain file -- and
> the openssl s_client command returns better output but I still get a
> warning!
>
> [me@myserver ~]$ openssl s_client -connect www.example.com:443
> CONNECTED(00000003)
> depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
>  0 s:/serialNumber=03-11-1975/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd/OU=Book Sales/OU=Secure Link EV SSL/CN=www.example.com
>    i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions EV SSL CA
> ---
>
> On Mon, Apr 25, 2011 at 6:16 PM, Rob Stradling <rob.stradl...@comodo.com> wrote:
>
>> On Monday 25 Apr 2011 20:07:03 James Chase wrote:
>> > I simplified the issue a bit in order to try and understand what is going
>> > on here and found that the SSL certificate that Network Solutions is
>> > providing, along with the intermediate chain file cannot be verified by
>> > newer installs of Firefox.
>>
>> Hi James. That seems unlikely. Try browsing to NetSol's own EV site
>> (https://www.networksolutions.com) in FF4. I see the EV green bar and no
>> browser warnings.
>>
>> Could you post the top part of the output from "openssl s_client -connect
>> yourdomain:yourport" ?
>>
>> Then we can compare it with...
>>
>> $ openssl s_client -connect www.networksolutions.com:443
>> CONNECTED(00000003)
>> depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
>> verify error:num=19:self signed certificate in certificate chain
>> verify return:0
>> ---
>> Certificate chain
>>  0 s:/serialNumber=3713002/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/C=US/ST=VA/L=Herndon/O=Network Solutions, LLC/OU=Technology Services/OU=Secure Link EV SSL/CN=www.networksolutions.com
>>    i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions EV Server CA
>>  1 s:/C=US/O=Network Solutions L.L.C./CN=Network Solutions EV Server CA
>>    i:/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
>>  2 s:/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
>>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>>  3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>> ---
>>
>> > It doesn't have anything to do with the p12
>> > file I am creating (I loaded up the network solutions files in apache and
>> > tested).
>> >
>> > Who would be at fault here? Am I still doing something wrong, or is this
>> > Mozilla's fault for not including a needed root ca file? It seems the
>> > missing link is the "AddTrustExternalCARoot" certificate.
>> >
>> > I tried adding the AddTrustExternalCARoot cert to the top of my certificate
>> > chain, but this causes apache to break, and then not start complaining of
>> > "[error] Failed to configure CA certificate chain!". I used a chain file
>> > that I have used in previous years, and that did allow apache to start but
>> > I still cannot verify with Firefox. Then I tried using last year's (and
>> > soon expiring) certificate for my site and that works FINE. So ... Network
>> > Solutions screwed something up when issuing my certificate (this is the
>> > second one I have had re-issued) or am I doing something wrong. I have no
>> > idea what that could be at this point -- I have never had so much trouble
>> > with an SSL certificate and am not an expert by any means.
>> >
>> > Anyone have any thoughts? I called NS earlier in this process and they said
>> > "not our problem" but perhaps I will try again.
>> >
>> > On Mon, Apr 25, 2011 at 11:01 AM, James Chase <chase1...@gmail.com> wrote:
>> > > I did run the verification, and didn't have an issue there. Still am not
>> > > able to figure out how to correctly create this as the only way the p12
>> > > compiles is by dropping the "-chain" command but that creates ssl
>> > > verification warnings in Firefox web browsers.
>> > >
>> > > openssl req -verify -in www.example.com.csr -key www.example.com.key
>> > > verify OK
>> > > -----BEGIN CERTIFICATE REQUEST-----
>> > > CERTIFICATE DATA HERE
>> > > -----END CERTIFICATE REQUEST-----
>> > >
>> > > On Sat, Apr 23, 2011 at 4:41 PM, James Chase <chase1...@gmail.com> wrote:
>> > >> I am using the same system -- I have tried with last year's chain file as
>> > >> well. The only thing that would be different to my knowledge are
>> > >> possibly the version of openssl and the renewed crt file if it possibly
>> > >> requires new CA's (I did use their most current certificates before I
>> > >> tried using my old cafile).
>> > >>
>> > >> openssl verify never returns, I'm not sure what the syntax I am shooting
>> > >> for there is.
>> > >>
>> > >> When I try without using the "-chain" command then it compiles the p12
>> > >> and it does seem to load in Chrome and IE, but in FF3 I get:
>> > >>
>> > >> secure.example.com uses an invalid security certificate.
>> > >>
>> > >> The certificate is not trusted because the issuer certificate is
>> > >> unknown.
>> > >>
>> > >> (Error code: sec_error_unknown_issuer)
>> > >>
>> > >> And in FF4 I get:
>> > >>
>> > >> store.innertraditions.com uses an invalid security certificate.
>> > >>
>> > >> The certificate is not trusted because no issuer chain was provided.
>> > >>
>> > >> (Error code: sec_error_unknown_issuer)
>> > >>
>> > >>
>> > >> I have always used the -chain and -CAfile options together when creating
>> > >> p12's.
>> > >>
>> > >> On Sat, Apr 23, 2011 at 12:32 PM, Crypto Sal <crypto....@gmail.com> wrote:
>> > >>> On 04/21/2011 06:51 PM, James Chase wrote:
>> > >>> I have done this multiple years in a row with the exact same process
>> > >>> but now I get the following error when I try to create my SSL:
>> > >>>
>> > >>> openssl pkcs12 -export -chain -CAfile cachain.crt -out my.domain.com.p12 -inkey my.domain.com.key -in MY.DOMAIN.COM.crt
>> > >>> Error unable to get local issuer certificate getting chain.
>> > >>>
>> > >>> I concatenated all the intermediate files in the order they suggest,
>> > >>> and according to the process I have documented that has worked the
>> > >>> past few years. I also downloaded the pre-built chain file where they
>> > >>> already concatenated the needed files together but I get the same
>> > >>> error. I also tried the same chain file I used last year -- same
>> > >>> results. Googling is not helping me understand this error. Anyone know
>> > >>> what could be going on here with the EV SSL creation for Network
>> > >>> Solutions?
>> > >>> >> > >>> >> > >>> -- >> > >>> "Beware of all enterprises that require new clothes." >> > >>> >> > >>> -- Henry David Thoreau >> > >>> >> > >>> James, >> > >>> >> > >>> You don't need to include the -chain' option since you are providing >> > >>> the chain with the '-CAfile' option. '-chain' is if you want OpenSSL >> > >>> to build the chain for you. >> > >>> >> > >>> --Crypto.Sal >> > >> >> > >> -- >> > >> "Beware of all enterprises that require new clothes." >> > >> >> > >> -- Henry David Thoreau >> > > >> > > -- >> > > "Beware of all enterprises that require new clothes." >> > > >> > > -- Henry David Thoreau >> >> Rob Stradling >> Senior Research & Development Scientist >> COMODO - Creating Trust Online >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> > > > > -- > "Beware of all enterprises that require new clothes." > -- Henry David Thoreau > -- "Beware of all enterprises that require new clothes." -- Henry David Thoreau