Hi Michael & opensslers,
> So: either there's more than one certificate in cacert-2016-11-02.pem, or OpenSSL on the PC is searching its default CA certificate directory in addition to cacert-2016-11-02.pem. Since we don't know what's > actually in cacert-2016-11-02.pem, we can't provide much further help.
It seems there are many certificates in the cacert-2016-11-02.pem. A lot.
---------------------cacert-2016-11-02.pem------------
GlobalSign Root CA
==================
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
GlobalSign Root CA - R2
=======================
-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
Verisign Class 3 Public Primary Certification Authority - G3
============================================================
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Entrust.net Premium 2048 Secure Server CA
=========================================
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Baltimore CyberTrust Root
=========================
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
......so on...........
--------------------------------------------------------------
> Note that if there are multiple certificates in cacert-2016-11-02.pem, you'll have to split them up into separate files and create the correct hash link for each one, if you want to use a certificate directory.
Should I need to do this? >"<
Because other people(in the internet) used this pem file, have no problem. They didn't separate it. And there are so many certificates.
And is this step right ?
1. /tmp # ./openssl x509 -hash -fingerprint -noout -in /home/georgeyang/workspace/speech_code/openssl/openssl/final/certs/cacert-2016-11-02.pem
5ad8a5d6
SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
2. /etc/ssl/certs # ln -s /home/georgeyang/workspace/speech_code/openssl/openssl/final/certs/cacert-2016-11-02.pem 5ad8a5d6.0
I will split them like this later.
> Did you actually capture that, or did you retype it? Because it's not valid openssl x509 output. Note that it doesn't match what you reported from the PC:
In the paltform, the openssl version is 1.1.0c.
And in my PC, the openssl version is 1.0.1f.
Today, I have rebuild the openssl1.0.1f for my paltform again.
Although it was still NG.
And the log is the same as the PC now:
/tmp # ./openssl x509 -subject -noout -in /home/georgeyang/workspace/speech_code
/openssl/final/openssl/certs/cacert-2016-11-02.pem
subject= /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA/tmp #
Thank you very much
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users