I'll answer my own question here. :-) The code was written to use the OpenSSL 0.9.0b library (yes, I know - it was very old). Apparently, the Subject and Authority Key Identifiers were not getting set properly during the signing process.
Thanks, Terry > -----Original Message----- > From: Richard Koenning [mailto:[EMAIL PROTECTED] > Sent: Monday, July 07, 2003 11:09 AM > To: [EMAIL PROTECTED] > Subject: Re: Certificate chains and serial numbers > > > Henning, Terry wrote: > > I'm having a problem verifying a certificate with the > "X509_verify()" > > call. > > > > Using the command-line tool to verify the certificate, I get: > > > > "error 20 at 0 depth lookup:unable to get local issuer certificate" > > > > The command-line I'm using is: > > > > "openssl verify -verbose -CApath rootcert.pem admcert.pem" > ^^^^^^^ > Try -CAfile instead. > > > > > where "rootcert.pem" is the CA certificate, and > "admcert.pem" is the > > signed certificate that I am trying to verify. The error being > > reported is saying it can't find a trusted root, correct? Which > > doesn't seem right to me because I am specifying the root in the > > command-line. (??) > > Ciao, > Richard > -- > Dr. Richard W. Könning > Fujitsu Siemens Computers GmbH, EP LP COM 5 > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
