Hi,

My question in example:
Certificate verification chain: mycert -> CA_2 -> CA_1 -> self-signed root CA.

 $ cat CA_2.crt CA_1.crt CA_root.crt > cafile
 $ openssl verify -CAfile cafile mycert.crt
  mycert.crt: OK

this verification was successful :). but how to say to OpenSSL that CA_1 is trusted and
verification can stop here with success or how to label CA_1 cert to be trusted?. My 
every experiment finished with failure, something like:

 $ openssl x509 -in CA_1.crt -trustout -out CA_1.crt.trusted
 $ cat CA_2.crt CA_1.crt.trusted > cafile
 $ openssl verify -CAfile cafile mycert.crt

doesn't work. OpenSSL is looking for root CA certfificate everytime. How verify this 
chain (mycert -> CA_2 -> CA_1) with success without using root CA certificate? Is it 
possible in OpenSSL?
Thank you.

Martin
____________________________________________________________
Soutezte nyni s nejvetsim pracovním portalem v CR! 
http://ad2.seznam.cz/redir.cgi?instance=60271%26url=http://www.prace.cz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to