Re: Adding Multiple Root certificates in Openssl

Sun, 17 Jul 2011 20:40:03 -0700 

Hi Ciprian,

  Thanks for  the immediate reply .
  I have some questions on both the approaches suggested.

You can create a file where you may concatenate all your trusted
certificates in PEM format and use that file for verification.

    [Mayur]--- Is there any openSSL api which helps parsing this file[say
myStorageFile] which has all my root certificates in it. ?
   Also my intention as  mentioned in the scenario in previous mail is that
I ll be passing a chain A -->B and would like to find C [self signed ,root
certificate] from myStorageFile .*
*
Another way is to store your trusted certificates in PEM format in
filesystem and create a folder from where you create symbolic links to every
certificate. The symbolic link name should be named as <HASH>.0. <HASH> can
be obtained from the certificate using -hash option like:
openssl x509 -in root.cer -hash

   [Mayur]----After storing links to my PEM format Certificate files how do
I parse the folder having links to get root C  for my chain A -->B ?


Regards,
Mayur


On Fri, Jul 15, 2011 at 10:05 PM, Ciprian Pavel <ciprian.pa...@gmail.com>wrote:

> Hi Mayur,
>
> You can create a file where you may concatenate all your trusted
> certificates in PEM format and use that file for verification.
> Another way is to store your trusted certificates in PEM format in
> filesystem and create a folder from where you create symbolic links to every
> certificate. The symbolic link name should be named as <HASH>.0. <HASH> can
> be obtained from the certificate using -hash option like:
> openssl x509 -in root.cer -hash
>
> If you need CRL checking the same procedure can be applied with the
> exception that the symbolic link name has to be <HASH>.r0.
>
>
> Regards,
> Ciprian
>
>
> On Fri, Jul 15, 2011 at 3:01 PM, Mayur Premi <premi.ma...@gmail.com>wrote:
>
>> Hi ,
>>   I am  using openssl for signature verification of the files in my
>> application.
>>   For supporting multiple root certificates , Is there a db or storage
>> area[file] which openssl searches
>>   while finding the root of the passed input certificates ?
>>
>> I am using X509_Verify_cert api of openssl to verify certificates.
>>
>> The scenario is as below :
>> Say I have 2 certificates A and B in my application , A's Issuer is B and
>> B 's issuer is C.
>> Here C is the [self signed] root certificate. Can I store C somewhere in
>> openssl and find it
>> to complete the chain A-->B-->C
>>
>> Regards,
>> Mayur
>
>
>

Reply via email to