Mark wrote:
cat <ca_directory>/*.pem >ca.pem
openssl verify -CAfile ca.pem cert_to_check

works, there is something really strange with your system ...

Same error:
error 20 at 0 depth lookup:unable to get local issuer certificate

This indicates that your CA certificate is not in any of the *.pem files in your CA directory. If an

openssl verify -CAfile <your_ca_file> cert_to_check

succeeds, then the CA cert is in the file but not in the CA dir (at least not with the suffix .pem). Is it possible you stored the CA cert with another suffix (like .crt)?

Yes. It is stored with the filename "root.cert".

At least my c_rehash expects CA certs to have the suffix .pem. And since the -CApath param needs hashes generated by c_rehash to find the certificates, it will fail...
My config file seems to point to the correct file: certificate = $dir/certs/root.cert
doesn't help with the -CApath extension (and the SSL_CTX_load_verify_locations() function)... Fix the extension to .pem, run c_rehash and verify should succeed...

Bye
Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
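
The failure and fix discussed in this message, reproduced as an added example (not part of the original thread): a throwaway CA stored as root.cert in a -CApath directory fails verification until a subject-hash link exists, which is the link c_rehash generates. The function names, certificate subjects and temporary paths are constructed for the demo, and the link is created by hand here so the script does not depend on c_rehash being installed.

```shell
#!/bin/sh
# Added demo with constructed data: a throwaway CA and leaf in a temp directory.

# Prints "ok" if openssl verify accepts $2 using CA directory $1, else "fail".
verify_capath() {
    if openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

# Prints the verify result before and after the hash link exists.
demo_capath() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs"

    # Self-signed root stored as in the thread: certs/root.cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$work/root.key" -out "$work/certs/root.cert" 2>/dev/null

    # Leaf certificate issued by that root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$work/leaf.csr" -CA "$work/certs/root.cert" \
        -CAkey "$work/root.key" -CAcreateserial -days 1 \
        -out "$work/leaf.pem" 2>/dev/null

    # No hash-named entry in the directory yet: issuer lookup fails (error 20)
    before=$(verify_capath "$work/certs" "$work/leaf.pem")

    # Rename as advised, then create the <subject_hash>.0 link that
    # c_rehash would generate for this certificate
    mv "$work/certs/root.cert" "$work/certs/root.pem"
    hash=$(openssl x509 -noout -subject_hash -in "$work/certs/root.pem")
    ln -s root.pem "$work/certs/$hash.0"

    after=$(verify_capath "$work/certs" "$work/leaf.pem")
    rm -rf "$work"
    echo "$before $after"
}

demo_capath   # prints: fail ok
```
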