Certificate validating (openssl -verify ...) and interpreting messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18.05.2016 21:10, Viktor Dukhovni wrote:
>> On May 18, 2016, at 1:26 PM, Walter H.<Walter.H at mathemainzel.info>  wrote:
>>
>> openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt -trusted_first -untrusted /tmp/chain.pem /tmp/cert.pem
>>
>> /tmp/chain.pem contains a root certificate
>> /tmp/cert.pem contains a certificate that was signed by this root certificate;
>>
>> I get the following output
>>
>> /tmp/cert.pem: CN = ..., O = ..., ST = ..., C = ...
>> error 19 at 1 depth lookup:self signed certificate in certificate chain
>>
>> of couse the number 19 means 'self signed certificate in certificate chain'
>> as shown here: https://www.openssl.org/docs/manmaster/apps/verify.html
>>
>> but what does the number 1 (at ... depth) say?
> It means that while constructing a chain, the immediate issue of the
> leaf certificate was an untrusted self-signed certificate.  The leaf
> certificate has depth 1, its issuer has depth 0.
>
Ah, ok; in case there had been a chain with 3 certificates
2 means the leaf certificate, 1 means the issuing intermediate and 0 
means the self signed root?

Thanks,
Walter


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160518/b194e0cb/attachment.bin>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux