On Fri, Jul 16, 2010, Luis Neves wrote: > > > Ok, using your tip I confirmed that CA certificate is the CC0003.pem > Ive include it at the end of ca-bundle.crt, pem encoded like the others on > this file and used it as > > openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert > /home/oracle/lneves.pem -url > http://ocsp.auc.cartaodecidadao.pt/publico/ocsp -CAfile > /etc/pki/tls/certs/ca-bundle.crt -resp_text > > and still the same error. >
Your certificate chain needs to be complete. That is it has to include the root CA (one with issuer and subject the same) and all intermediate certificates of the responder certificate. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
