Mark wrote:
Hi Goetz,But since you are using an own program, this doesn't matter.Could you do an c_rehash <ca_directory> openssl verify -CApath <ca_directory> cert_to_checkerror 20 at 0 depth lookup:unable to get local issuer certificateIf this doesn't work, but a cat <ca_directory>/*.pem >ca.pem openssl verify -CAfile ca.pem cert_to_check works, there is something really strange with your system ...Same error: error 20 at 0 depth lookup:unable to get local issuer certificate
This indicates that your CA certificate is not in any of the *.pem files in your CA directory. if an openssl verify -CAfile <your_ca_file> cert_to_check succeeds, then the CA cert is int the file but not in the CA dir (at least not with the suffix .pem). Is it possible you stored the ca cert with an other suffix (like .crt) ? Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
