On Thu, Jul 15, 2010, Hugo Garza wrote: > Hello All, I'm trying to get a basic root CA setup with an intermediate CA > to handle all the end user certificate signing. > > So far I've created a Root CA > I created an intermediate CA and signed it's certificate with the Root CA > I created an end user certificate and signed it with the intermediate CA. > > Now I want to be able to just import the Root CA and have all end user > certificates be verified. > > I tried running: > openssl verify -CAfile ../root/ca-cert.crt user.crt > > and it returns with > error 20 at 0 depth lookup:unable to get local issuer certificate >
In a real world situation the user certificate and all intermediates would be presented and only the root CA trusted. With the verify command you'd do: openssl verify -CAfile root.pem -untrusted intermediate.pem user.pem where "intermediate.pem" has any intermediate CA certificates concatenated together, just the one in your case. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
