Hello Ajeet, I think .PEM format is OK.
As i also used the same format for my application and used the same API's as u mentioned and everything is fine.. Also u need to check your system date.. is that ok?? On Wed, Sep 24, 2008 at 9:08 PM, Lutz Jaenicke <[EMAIL PROTECTED]> wrote: > Ajeet kumar.S wrote: >> >> Dear All, >> >> I want to verify the peer certificate (server >> certificate). For that we need CA Certificate, Let me know we required >> ROOT CA certificate in PEM format or in any other format, open ssl >> will support. >> >> Actually I called *SSL_CTX_load_verify_locations()* after that I >> called *SSL_CTX_set_verify()*. >> >> But I saw response: certificate expire. But I saw in certificate it >> is mention end validation date in 2014.Actually I converted *.der* >> format certificate to *.pem* format using openssl utility. I tried >> *.der* certificate directly but also not get success. Please let me >> know what is reason behind it? How we can remove this error? >> > You can use the "openssl verify" command line tool to verify the state > of the > certificate chain (expiry, purpose, completeness of the chain). The internal > verification mechanisms called during SSL session setup use the same > routines. > > Best regards, > Lutz > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- regards, Vineeta Kumari Software engg Mobera Systems Chandigarh ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
