Re: Verify a certificate

Mon, 25 Jul 2011 11:13:56 -0700

Thanks my question was already answered my original certificate was not rfc compliant and so openssl fails to verify it, 

thanks anyway
Nicola

Il 25/07/2011 17:22, lists ha scritto:

On 07/19/2011 08:20 AM, Mailing List SVR wrote:

Hi,
I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands:
openssl smime -verify -in cert.pem -inform pem -CAfile "signer.pem" > cert.data 

and then:

openssl asn1parse -inform DER -in cert.data
now if the signer give me "signer.pem" all is fine. Some signer put their public certificate inside the binary certificate (see cert.bin attached), in this cases I'm unable to verify the certificate. 

I get this error:

Verification failure
10280:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:378: 
Attached are:

1) cert.bin, the original binary certificate
2) cert.pem, obtained with the command: openssl pkcs7 -in cert.bin -out cert.pem -inform DER 3) as signer certificate (signer.pem) I'm using the certificate found at the end of cert.cer. cert.cer is obtained with the command: openssl pkcs7 -in cert.bin -inform DER -print_certs -text > cert.cer 

any hints would be appreciated,
If I understand what you mean, the behaviour is what you'd expect, as cert.bin is not "immediately" a X509 structure. Actually it is, but as content inside a SMIME and must be extracted first, just as you do with your command in point (2) -below. 
Now, what kind of advice do you need?
If you must write a script that perfroms the operation when needed, just try one way (signer.pem is X509) and, if it fails, the other (first extracting the X509 from cert.bin and then converting it to PEM) just as you show in your commands... 


thanks
Nicola





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to