Hello, when I verify an intermediate certificate of a CA I get the message that the certificate has expired. But that seems not to be right.
I use OpenSSL 1.0.0d on Fedora Linux. Here is what I have done (comment lines begin with '#'): >>> mkdir /tmp/Test cd /tmp/Test # get the root certificate of the CA wget http://www.trustcenter.de/media/class_3_ii.pem # get the intermediate certificate of the CA wget http://www.trustcenter.de/media/pr_TC_Class_3_L1_CA_V.pem chmod 644 *.pem # create links to hashes ln -s class_3_ii.pem `openssl x509 -hash -noout -in class_3_ii.pem`.0 ln -s pr_TC_Class_3_L1_CA_V.pem `openssl x509 -hash -noout -in pr_TC_Class_3_L1_CA_V.pem`.0 # check expire date of the root certificate openssl x509 -in class_3_ii.pem -noout -enddate # check expire date of the intermediate certificate openssl x509 -in pr_TC_Class_3_L1_CA_V.pem -noout -enddate # verify the certificate openssl verify -CApath /tmp/Test pr_TC_Class_3_L1_CA_V.pem <<< For the last three commands I get the following messages: >>> notAfter=Dec 31 22:59:59 2025 GMT notAfter=Dec 31 22:59:59 2025 GMT pr_TC_Class_3_L1_CA_V.pem: C = DE, ST = Hamburg, L = Hamburg, O = TC TrustCenter for Security in Data Networks GmbH, OU = TC TrustCenter Class 3 CA, emailAddress = certific...@trustcenter.de error 10 at 1 depth lookup:certificate has expired OK <<< What is wrong? How can I avoid the error message? Thanks, Dietmar ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org