Chris,
this is the issue... the public key and private key of trust.pem are
not the same as the keys for trust_new.pem. They have the same fields
in the DN, but do not share the same keys (if they do then this is bad
practice by the issuers), so it is a different key that signed the
a-sign.pem and so your trust chain is broken.

Apart from the bad practice - when looking at the public keys of
trust.pem and trust_new.pem in text form, they ARE the same. Differences
are only in serial number, validity dates and signature, but the public
keys are equal.
TIA
Manfred
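
Added example, not part of the original message or of OpenSSL's own documentation: one way to compare the public keys of two certificates byte for byte, by hashing the DER-encoded SubjectPublicKeyInfo rather than reading the text dump. The function names, the constructed test CA and the file trust_rekeyed.pem are assumptions made for the illustration; trust.pem and trust_new.pem here are generated sample files that only reuse the names from the thread.

```shell
#!/bin/sh
# Added example. All certificates below are constructed test data
# written to a temporary directory, not the files from the thread.

# Print the SHA-256 of a certificate's SubjectPublicKeyInfo (DER).
spki_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print "same" or "different". Print "error" and return 2 when a file
# cannot be parsed, so two unreadable files never compare as equal.
compare_keys() {
    a=$(spki_hash "$1") || { echo error; return 2; }
    b=$(spki_hash "$2") || { echo error; return 2; }
    if [ "$a" = "$b" ]; then echo same; else echo different; fi
}

# Build sample certificates with an identical DN:
#   trust.pem, trust_new.pem  same key, different serial and validity
#   trust_rekeyed.pem         different key (hypothetical third case)
make_demo() {
    d=$(mktemp -d) || return 1
    subj="/CN=Constructed Test CA"
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/ca.key" -subj "$subj" \
        -set_serial 1 -days 30 -out "$d/trust.pem" 2>/dev/null
    openssl req -x509 -new -key "$d/ca.key" -subj "$subj" \
        -set_serial 2 -days 365 -out "$d/trust_new.pem" 2>/dev/null
    openssl req -x509 -new -key "$d/other.key" -subj "$subj" \
        -set_serial 3 -days 365 -out "$d/trust_rekeyed.pem" 2>/dev/null
    echo "$d"
}

# Usage: script.sh cert_a.pem cert_b.pem
if [ $# -eq 2 ]; then compare_keys "$1" "$2"; fi
```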