Thank you. It worked fine after concatenating cert1.pem and cert2.pem
into single file.
Regards,
Vinay
sandeep kiran p wrote:
The -untrusted argument to verify command takes a single file
containing multiple certificates concatenated together. Try adding
cert1.pem and cert2.pem into a single file and check again.
Thanks,
Sandeep
On Tue, Dec 14, 2010 at 12:00 PM, Vinay Kumar L
<vinaykuma...@globaledgesoft.com
<mailto:vinaykuma...@globaledgesoft.com>> wrote:
Hi all,
I have generated certificate chain using Openssl(OpenSSL 0.9.8e).
The certificate hierarchy is as follows:
ca.pem ---->cert1.pem---->cert2.pem----->last.pem
Openssl doesn't give any error when verifying these certificate
chain(Certificate chain verification is successful) during TLS
connection establishment(Connection establishment is successful)
but when verified using Openssl command /openssl verify /gives
following error:
*# openssl verify -CAfile ca.pem -untrusted cert1.pem cert2.pem
last.pem*
cert2.pem: OK
last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution
Center/CN=kdc.xyz.com <http://kdc.xyz.com>
error 20 at 0 depth lookup:unable to get local issuer certificate
The Subject and Issuer names in certificates are correct. Please
let me know the cause of error and changes required in the
certificate hierarchy.
Regards,
Vinay
