I got two Ideas. I can verify the certificate by comparing the issuer name char *s = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *i = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); int rc = strcmp(s, i); verifying with public key EVP_PKEY *caPubkey = X509_get_pubkey(signCert); X509_REQ_verify(certreq, caPubkey); thanks for the suggestions. -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users