I have a certificate (sod.pem) that openssl is unable to verify: openssl smime -verify -in sod.pem -inform pem -noverify > sod.data Verification failure 2538:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378:
the problem is that the dsn order: the problem is the dsn order: openssl cms -cmsout -in sod.pem -inform PEM -noout -print|grep issuer: issuer: C=IT, O=MINISTERO DELL'INTERNO, OU=PE, CN=CERTIFICATION AUTHORITY issuer: CN=CERTIFICATION AUTHORITY, OU=PE, O=MINISTERO DELL'INTERNO, C=IT the problem seems quite frequent: http://old.nabble.com/Problem-with-verifying-of-PKCS7-structure-signed-with-ECDSA-certificate-td27717780.html and I cannot find specifications that speak about dsn order, so I thinks this is an openssl bug, some closed software are able to verify the pem attached, this bug is present in openssl 1.0.0d and openssl 0.9.8o, no other versions tested, regards Nicola
sod.pem
Description: application/x509-ca-cert
sod.bin
Description: Binary data