On Wed, Sep 10, 2003, Martin Kouril wrote: > Hi, > > My question in example: Certificate verification chain: mycert -> CA_2 -> > CA_1 -> self-signed root CA. > > $ cat CA_2.crt CA_1.crt CA_root.crt > cafile $ openssl verify -CAfile > cafile mycert.crt mycert.crt: OK > > this verification was successful :). but how to say to OpenSSL that CA_1 is > trusted and verification can stop here with success or how to label CA_1 > cert to be trusted?. >
That isn't currently supported, you have to include the root CA. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
