Use the '-issuer_checks' parameter to show exactly what it's looking for and where it's looking for it.
At 'depth 1' (i.e., one step above the end-entity certificate), it's looking for the issuer (which means it's looking for the USERTRUST root certificate). -Kyle H On Thu, Sep 2, 2010 at 9:39 AM, John Doe <jd...@yahoo.com> wrote:
Hi, I have some issues with chained certificates. I am trying to verify my certificate with the intermediate certificate of my registrar... my.crt: Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=my.site.com gandi.crt: Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware Subject: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA # openssl verify -CAfile gandi.crt my.crt my.crt: /C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA error 2 at 1 depth lookup:unable to get issuer certificate Is it the right command to test...? Is the error about gandi or usertrust? Thx, JD ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org
smime.p7s
Description: S/MIME Cryptographic Signature
