Dear all,

I am a bit confused after reading the man pages for -showcerts and -verify. The latter makes it sound as if it is the only way to do full verification of a cert chain if I want to see all errors, as -showcerts would stop on the first error. However, I've fiddled around a bit and tested -showcerts on some servers, and it seems I can get two or more errors displayed, like 18 Self-Signed or 10 Expired, without using -verify.
So, to sum this up, if I want to see everything that's wrong with a certificate or a certificate chain, is it sufficient to use showcerts, or do I have to do an extra verify? I want to see the certificate chain in any case, so showcerts is what I am doing right now. Seeing all errors would be more interesting, however.

Thanks,
Ralph