Don't know the specifics but you do need all certs
till   the root CA for verification in the web of
trust model. 

You navigate up and up with the issuername matching
the subject name until both are same. 

HTH

--- "Michael P. Soulier" <[EMAIL PROTECTED]>
wrote:

> Marek Marcola wrote:
> > Maybe good and acceptable solution to this problem
> will be
> > just always checking newly created certificate, 
> > for example with command:
> >     $ openssl verify -CAfile cacert.pem new_cert.pem
> > This should give you information on generated
> certificate status
> > independently from "openssl" return code, no space
> on disk error,
> > permission problems or other openssl/system
> errors. 
> > 
> > Best regards,
> 
> Hmm.
> 
> [EMAIL PROTECTED] ca]# openssl verify -CAfile
> cacert.pem certs/06.pem
> certs/06.pem: /CN=ServiceLink Account ID:
>
45415305/[EMAIL PROTECTED]/O=XYZ
> Corporation
> error 2 at 1 depth lookup:unable to get issuer
> certificate
> 
> Mike
> -- 
> Michael P. Soulier <[EMAIL PROTECTED]>,
> 613-592-2122 x2522
> "Any intelligent fool can make things bigger and
> more complex... It
> takes a touch of genius - and a lot of courage to
> move in the opposite
> direction." --Albert Einstein
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> openssl-users@openssl.org
> Automated List Manager                          
> [EMAIL PROTECTED]
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to