On 18.05.2016 21:10, Viktor Dukhovni wrote: >> On May 18, 2016, at 1:26 PM, Walter H.<Walter.H at mathemainzel.info> wrote: >> >> openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt -trusted_first -untrusted /tmp/chain.pem /tmp/cert.pem >> >> /tmp/chain.pem contains a root certificate >> /tmp/cert.pem contains a certificate that was signed by this root certificate; >> >> I get the following output >> >> /tmp/cert.pem: CN = ..., O = ..., ST = ..., C = ... >> error 19 at 1 depth lookup:self signed certificate in certificate chain >> >> of couse the number 19 means 'self signed certificate in certificate chain' >> as shown here: https://www.openssl.org/docs/manmaster/apps/verify.html >> >> but what does the number 1 (at ... depth) say? > It means that while constructing a chain, the immediate issue of the > leaf certificate was an untrusted self-signed certificate. The leaf > certificate has depth 1, its issuer has depth 0. > Ah, ok; in case there had been a chain with 3 certificates 2 means the leaf certificate, 1 means the issuing intermediate and 0 means the self signed root? Thanks, Walter -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4312 bytes Desc: S/MIME Cryptographic Signature URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160518/b194e0cb/attachment.bin>
