Don't know the specifics but you do need all certs till the root CA for verification in the web of trust model.
You navigate up and up with the issuername matching the subject name until both are same. HTH --- "Michael P. Soulier" <[EMAIL PROTECTED]> wrote: > Marek Marcola wrote: > > Maybe good and acceptable solution to this problem > will be > > just always checking newly created certificate, > > for example with command: > > $ openssl verify -CAfile cacert.pem new_cert.pem > > This should give you information on generated > certificate status > > independently from "openssl" return code, no space > on disk error, > > permission problems or other openssl/system > errors. > > > > Best regards, > > Hmm. > > [EMAIL PROTECTED] ca]# openssl verify -CAfile > cacert.pem certs/06.pem > certs/06.pem: /CN=ServiceLink Account ID: > 45415305/[EMAIL PROTECTED]/O=XYZ > Corporation > error 2 at 1 depth lookup:unable to get issuer > certificate > > Mike > -- > Michael P. Soulier <[EMAIL PROTECTED]>, > 613-592-2122 x2522 > "Any intelligent fool can make things bigger and > more complex... It > takes a touch of genius - and a lot of courage to > move in the opposite > direction." --Albert Einstein > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]