Re: cert chain file ordering question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It still doesn't verify correctly.

To simplify, I tried it with 1 intermediate CA. Here's the chain:

rootCa.pem - self-signed root cert. CN = rootCA
firstIntermedCa.pem - intermediate CA cert signed by rootCa.pem. CN = EmeaCA
secondIntermedCa.pem - intermediate CA cert signed by firstIntermedCa.pem.  CN = KapitalCA
openssl verify -verbose -show_chain -CAfile rootCa.pem -untrusted firstIntermedCa.pem secondIntermedCa.pem 
1.3.6.1.4.1.47749.1.1 = userCA, CN = KapitalCA
error 20 at 0 depth lookup: unable to get local issuer certificate
error secondIntermedCa.pem: verification failed







On 1/9/2018 3:57 PM, Viktor Dukhovni wrote:



On Jan 9, 2018, at 6:43 PM, Norm Green <norm.green@xxxxxxxxxxxxxxxxxx> wrote:

What is the correct order of intermediate CA certs in the untrusted chain file?

The untrusted CA list is a heap, the order is irrelevant.



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux