On 07/10/2012 02:38 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Sandro Tosi
Sent: Monday, 09 July, 2012 10:15
/usr/bin/openssl ts -verify -sha256 -untrusted <CERT> -CAfile
<CA> -data <FILE TO MARK> -in <TSA REPLY>
and the output we get is:
140119872083624:error:2F06D064:time stamp
routines:TS_VERIFY_CERT:certificate verify
error:ts_rsp_verify.c:246:Verify error:self signed certificate in
certificate chain
We're using a Debian system, so we copied the CA into /etc/ssl/certs/
but we still see that problem: how can we fix it? is there a
way to get
a more descripting trace of the problem? Can we run manually all the
steps to verify the reply?
Your problem is not verifying the message itself, but verifying
the certificate that assures it.
removing the CA root from the <CERT> may help.
at least I think that <CERT> must not contain any self signed
cert, this is what the error message seems to suggest
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
