Hi, My question in example: Certificate verification chain: mycert -> CA_2 -> CA_1 -> self-signed root CA.
$ cat CA_2.crt CA_1.crt CA_root.crt > cafile $ openssl verify -CAfile cafile mycert.crt mycert.crt: OK this verification was successful :). but how to say to OpenSSL that CA_1 is trusted and verification can stop here with success or how to label CA_1 cert to be trusted?. My every experiment finished with failure, something like: $ openssl x509 -in CA_1.crt -trustout -out CA_1.crt.trusted $ cat CA_2.crt CA_1.crt.trusted > cafile $ openssl verify -CAfile cafile mycert.crt doesn't work. OpenSSL is looking for root CA certfificate everytime. How verify this chain (mycert -> CA_2 -> CA_1) with success without using root CA certificate? Is it possible in OpenSSL? Thank you. Martin ____________________________________________________________ Soutezte nyni s nejvetsim pracovním portalem v CR! http://ad2.seznam.cz/redir.cgi?instance=60271%26url=http://www.prace.cz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]