On Wed, Jan 16, 2008, rfx wrote: > I make new path using hash name/ ".0" extension for certificat/".r0" > extension for CRL > > The function: 'verify -CApath @CRLCA\ -issuer_checks -crl_check > "SignCertPEM.cer" > > The result is : > SignCertPEM.cer: > /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK > error 29 at 0 depth lookup:subject issuer mismatch > /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK > error 29 at 0 depth lookup:subject issuer mismatch > /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK > error 29 at 0 depth lookup:subject issuer mismatch > /C=FR/O=GIP-CPS/OU=GIP-CPS PROFESSIONNEL/CN=GIP-CPS CLASSE-1 > error 29 at 0 depth lookup:subject issuer mismatch > /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK > error 35 at 0 depth lookup:key usage does not include CRL signing > > Two questions : > > 1) Why the "subject issuer mismatch" error ? also when the result is OK > > 2) For this example what mean the error "key usage does not include CRL > signing" ? >
Read the manual page entry for the diagnostic option -issuer_checks Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
