Re: Problem Related to Peer cetificate verification.
Simply, you can verify your certificate by: $ openssl verify -CAfile /path/to/root_cert your_cert If you want to implement your verification codes, you can get the detail form openssl.c. On Wed, Sep 24, 2008 at 7:17 PM, Ajeet kumar.S [EMAIL PROTECTED] wrote: Dear All, I want to verify the peer certificate (server certificate). For that we need CA Certificate, Let me know we required ROOT CA certificate in PEM format or in any other format, open ssl will support. Actually I called SSL_CTX_load_verify_locations() after that I called SSL_CTX_set_verify(). But I saw response: certificate expire. But I saw in certificate it is mention end validation date in 2014.Actually I converted .der format certificate to .pem format using openssl utility. I tried .der certificate directly but also not get success. Please let me know what is reason behind it? How we can remove this error? Thank you. Regards, --Ajeet Kumar Singh __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Problem Related to Peer cetificate verification.
Dear All, I want to verify the peer certificate (server certificate). For that we need CA Certificate, Let me know we required ROOT CA certificate in PEM format or in any other format, open ssl will support. Actually I called SSL_CTX_load_verify_locations() after that I called SSL_CTX_set_verify(). But I saw response: certificate expire. But I saw in certificate it is mention end validation date in 2014.Actually I converted .der format certificate to .pem format using openssl utility. I tried .der certificate directly but also not get success. Please let me know what is reason behind it? How we can remove this error? Thank you. Regards, --Ajeet Kumar Singh image001.jpg
Re: Problem Related to Peer cetificate verification.
Ajeet kumar.S wrote: Dear All, I want to verify the peer certificate (server certificate). For that we need CA Certificate, Let me know we required ROOT CA certificate in PEM format or in any other format, open ssl will support. Actually I called *SSL_CTX_load_verify_locations()* after that I called *SSL_CTX_set_verify()*. But I saw response: certificate expire. But I saw in certificate it is mention end validation date in 2014.Actually I converted *.der* format certificate to *.pem* format using openssl utility. I tried *.der* certificate directly but also not get success. Please let me know what is reason behind it? How we can remove this error? You can use the openssl verify command line tool to verify the state of the certificate chain (expiry, purpose, completeness of the chain). The internal verification mechanisms called during SSL session setup use the same routines. Best regards, Lutz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Problem Related to Peer cetificate verification.
Hello Ajeet, I think .PEM format is OK. As i also used the same format for my application and used the same API's as u mentioned and everything is fine.. Also u need to check your system date.. is that ok?? On Wed, Sep 24, 2008 at 9:08 PM, Lutz Jaenicke [EMAIL PROTECTED] wrote: Ajeet kumar.S wrote: Dear All, I want to verify the peer certificate (server certificate). For that we need CA Certificate, Let me know we required ROOT CA certificate in PEM format or in any other format, open ssl will support. Actually I called *SSL_CTX_load_verify_locations()* after that I called *SSL_CTX_set_verify()*. But I saw response: certificate expire. But I saw in certificate it is mention end validation date in 2014.Actually I converted *.der* format certificate to *.pem* format using openssl utility. I tried *.der* certificate directly but also not get success. Please let me know what is reason behind it? How we can remove this error? You can use the openssl verify command line tool to verify the state of the certificate chain (expiry, purpose, completeness of the chain). The internal verification mechanisms called during SSL session setup use the same routines. Best regards, Lutz __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- regards, Vineeta Kumari Software engg Mobera Systems Chandigarh __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
