Dr Stephen Henson wrote:
>
> Thomas Reinke wrote:
> >
> > Ok...a touch more information - the problem I think I have
> > is that the cert I want to validate has a authorityKeyIdentifier,
> > but none of the certs in the cert stores I am using have a
> > SubjectKeyIndentifier that matches. I have a rather
> > exhaustive list of CAs certs scrubbed from the browser
> > I am currently using (Netscape 4.51), as well as having
> > checked all the certs in the latest openssl bundle.
> >
> > My expectation was to see the cert in the Netscape bundle.
> > 3) openssl>verify -CAfile master.list x
> > ends up failing with:
> >
> > OpenSSL> verify -CAfile master.list x
> > x: /C=XX/O=XXXXXXXXX/CN=XXXX's cert name
> > error 2 at 1 depth lookup:unable to get issuer certificate
Argh...the subordinate cert has to be in the file before the root
cert. Of course all I did was add it at the end...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
