Hi John,

Your CAfile must contain the chain that issued your cert (i.e. the intermediate(s) and the root). The error is indicating that it is unable to locate the issuer of the intermediate.

Erik Tkal

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Doe
Sent: Thursday, September 02, 2010 12:39 PM
To: openssl-users@openssl.org
Subject: Problem verifying a chain...

Hi,

I have some issues with chained certificates.
I am trying to verify my certificate with the intermediate certificate of my registrar...

my.crt:
  Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
  Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=my.site.com

gandi.crt:
  Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  Subject: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA

# openssl verify -CAfile gandi.crt my.crt
my.crt: /C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
error 2 at 1 depth lookup:unable to get issuer certificate

Is it the right command to test...?
Is the error about gandi or usertrust?

Thx,
JD
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
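
The behaviour discussed in this thread can be reproduced offline with a throwaway chain. The script below is an added example, not part of the original messages; the CA names, file names and the helper functions `new_csr`, `sign` and `verify_with` are constructed for illustration, and it assumes only that the `openssl` command-line tool is installed.

```sh
#!/bin/sh
# Constructed chain root -> intermediate -> leaf; every name here is made up.
set -e
cd "$(mktemp -d)"

# Minimal config so nothing depends on the system openssl.cnf.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

new_csr() {   # $1 = file prefix, $2 = subject
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
sign() {      # $1 = subject prefix, $2 = issuer prefix, rest = extra x509 options
    s=$1; i=$2; shift 2
    openssl x509 -req -in "$s.csr" -CA "$i.pem" -CAkey "$i.key" \
        -CAcreateserial -days 2 -out "$s.pem" "$@" 2>/dev/null
}

openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
    -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem -days 2 2>/dev/null
new_csr inter "/CN=Constructed Intermediate CA"
sign inter root -extfile ca.cnf -extensions v3_ca
new_csr leaf "/CN=my.site.example"
sign leaf inter

# Runs the command from the thread against the given CAfile.
verify_with() {   # $1 = CAfile
    openssl verify -CAfile "$1" leaf.pem 2>&1
}

# Intermediate only: its own issuer is missing, so verification stops at depth 1.
verify_with inter.pem || echo "verification failed, as in the thread"

# Intermediate plus root: the chain now ends at a trusted self-signed root.
cat inter.pem root.pem > chain.pem
verify_with chain.pem
```

The first call reports error 2 at depth 1 because the intermediate is found but its issuer is not; concatenating the root into the same file is what lets the second call succeed.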