Folks - I have a situation where I need to determine the validity of a certificate in all other aspects even though it has expired. In other words, the signatures are all valid and the contents untampered, but the "notAfter" date is less than the current date. If I run the certificate verify process against that certificate, will it tell me if there are higher severity errors (e.g. issuer signature invalid) rather than checking the validity period and finding the problem? I guess another way of asking the question is: if I get the error "10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired", does that imply that everything else is OK?
Bob

Bob Bell, CISSP, CSSLP
Senior Security Architect
Trusted Systems Architectures Group
Cisco Systems, Inc.
972-813-5104(w) 801-971-4200(c)
Telepresence rtb...@cisco.com

"May God grant us the strength to correct what we can change, The serenity to accept what we cannot, and the wisdom to know the difference"
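One way to test this from the openssl command line, as an added example that is not part of the original post: `openssl verify -no_check_time` (OpenSSL 1.1.0 and later) skips the validity-period check while the remaining chain checks still run, so an expired certificate can be judged on everything else. The CA names, file names and certificates below are constructed throwaway values, and `make_pki` and `verify_leaf` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: every key, name and certificate here is a constructed throwaway.
set -u

# make_pki DIR: two unrelated CAs that share one name, plus a leaf signed by the
# first CA whose validity window (2020-01-01 to 2021-01-01) is already over.
make_pki() (
  cd "$1" || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = test_ca
[test_ca]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
policy = any
[any]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial
  for name in ca other; do
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 3650 \
      -subj "/CN=Constructed Test CA" -keyout "$name.key" -out "$name.pem" || exit 1
  done
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=expired.example" -keyout leaf.key -out leaf.csr || exit 1
  openssl ca -batch -notext -config ca.cnf -cert ca.pem -keyfile ca.key \
    -startdate 20200101000000Z -enddate 20210101000000Z \
    -in leaf.csr -out leaf.pem
) >/dev/null 2>&1

# verify_leaf CAFILE [verify options]: prints openssl's verdict, returns its exit status.
verify_leaf() { local ca=$1; shift; openssl verify "$@" -CAfile "$ca" "$PKI/leaf.pem" 2>&1; }

PKI=$(mktemp -d) && make_pki "$PKI" || { echo "PKI setup failed" >&2; exit 1; }
echo "== right CA, time checked:";  verify_leaf "$PKI/ca.pem"
echo "== right CA, time ignored:";  verify_leaf "$PKI/ca.pem" -no_check_time
echo "== wrong CA, time ignored:";  verify_leaf "$PKI/other.pem" -no_check_time
```

The first run reports the expiry, the second passes, and the third still fails on the issuer check, which is the distinction the question is after.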