Hi, Sorry for the mistake (nothing to deal with openssl.cnf file). I was just looking for ca.txt file.
Is it normal behavior of openssl to be able to view a certificate without serial number using (without any error mentioned): openssl x509 -in some_cert_without_sn.pem -text But to be unable to verify it using: openssl verify -CAfile some_cert_without_sn.pem some_cert_without_sn.pem Sample: (attached self-sign cert name pipo-bad.pem) [EMAIL PROTECTED] simple]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib /usr/local/ossl-0.9.8/bin/openssl verify -verbose -CAfile pipo-bad.pem pipo-bad.pem pipo-bad.pem: /C=UK/CN=OpenSSL Group error 7 at 0 depth lookup:certificate signature failure 18588:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:218: 18588:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168: I'm using openssl 0.9.8. regards, Fred -----Original Message----- From: Frédéric Donnat Sent: Mon 8/29/2005 11:51 AM To: openssl-users@openssl.org Cc: Subject: /usr/local/ossl-0.9.8/ssl/openssl.cnf Hi all, Could someone telle where i can find the following file: ca.txt I'm reading opthe HOWTO and i see the following comment (cetificates.txt): This is NOT the recommended way to create a" CA certificate, see ca.txt." regards, Fred ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
pipo-bad.pem
Description: pipo-bad.pem
