Hi all, ok, I've stared at the manuals for a while, and tried to test things, but I think I'm at a point where I need some help.
Let me first start with my goal. I run many systems running Apache with mod_ssl, and have built an interface to automatically install certificates on domains as needed. The system works great, right up until someone puts in the wrong certs for chain or root certs when it is required. Then, apache fails to load because the chain isn't correct... So, what I'm trying to do is figure out if the certs that are entered comprise a correct chain. I've been messing around with the verify command that looks something like this : openssl verify -purpose sslserver cert.crt where cert.crt is the cert and its CAcert and the root cert in pem format...this is done on the command line, and it always gives me this error : error 20 at 0 depth lookup:unable to get local issuer certificate and I'm not sure what that really means...do I need to specify valid root certs? am I calling this wrong??? Any help would be appreciated, Tim. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
