Re: openssl verify with concatenated CA

Thank you Tomas for the clarification.

Thanks
Bala
On Thursday, 22 December, 2022, 12:55:56 pm IST, Tomas Mraz <tomas@xxxxxxxxxxx> wrote:


On Wed, 2022-12-21 at 17:26 +0000, Bala Duvvuri via openssl-users
wrote:
> I have a concatenated file containing root CA and intermediate CA
> (say concat.pem, having the 2 CA certificates) copied to a directory
> say "ca"
>
> I have an entity certificate (cert1) signed by above intermediate CA
> (say inter.pem)
>
> The observation is
>
> This command works : openssl verify -CAfile ca/concat.pem cert1
>
> This command does not work: openssl verify -CApath ca cert1 (ca
> directory has concat.pem in hash.0 format)
> But if we copy the intermediate CA as well to the ca/ directory, the
> above command works

Because the -CApath option expects each of the CA certificates to be
placed in the ca directory in a separate file with the hash.x symlink.
Basically the second certificate in the concat.pem file is ignored if
placed in -CApath directory.

--
Tomáš Mráz, OpenSSL
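
Added example (not part of the original thread): one way to turn a concatenated bundle such as ca/concat.pem into the one-certificate-per-file layout that -CApath expects, as described in the reply above. The ca-N.pem file names and the temporary directory are assumptions made for illustration; `openssl rehash` is the subcommand shipped with OpenSSL 1.1.0 and later.

```shell
#!/bin/sh
# Added example: split a concatenated CA bundle for use with -CApath.
# Output file names (ca-N.pem) and the temp directory are illustrative.

# split_bundle BUNDLE OUTDIR
# Writes each PEM certificate block found in BUNDLE to OUTDIR/ca-N.pem,
# dropping any text between blocks, and prints the number of files written.
split_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/ca-%d.pem", dir, n)
            inside = 1
        }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# hash_links DIR
# Creates the hash.x symlinks, one per single-certificate file in DIR.
hash_links() {
    openssl rehash "$1"
}

# Usage: sh split-capath.sh ca/concat.pem cert1
if [ "$#" -eq 2 ]; then
    capath=$(mktemp -d) || exit 1
    count=$(split_bundle "$1" "$capath") || exit 1
    echo "wrote $count CA certificate(s) to $capath"
    hash_links "$capath" || exit 1
    openssl verify -CApath "$capath" "$2"
fi
```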
