On Thu, Jul 15, 2010, Luis Neves wrote: > > some progress: > > openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert > /home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp > -CAfile /etc/pki/tls/certs/CC0003.pem -resp_text > > using CC0003.pem instead of C0002.pem returns GOOD (will try to check why) > > but still returning the > > 11323:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify > error:ocsp_vfy.c:122:Verify error:unable to get issuer certificate > /home/oracle/lneves.pem: good > This Update: Jul 15 15:29:50 2010 GMT > > error >
For each certificate do this: openssl x509 -in cert.pem -subject -issuer -noout The subject of the one you pass to -issuer should match the issuer of the one you pass to cert. You need a root CA and the rest of the chain passed to -CApath. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
