Hi, I'm having a comprehension question on certificate verification.
Having a trustchain like this: rootCA -> subCA -> subCA2 I can verify the subCA2 certificate using the command: openssl verify -CAfile rootCA.pem -untrusted subCA.pem subCA2.pem But, should't it also be possible to only verify the trust chain up to the subCA (i.e., if I fully trust this CA)? I would have expected that this will verify sucessfully: openssl verify -CAfile subCA.pem subCA2.pem Instead, I'm getting "error 2 at 1 depth lookup:unable to get issuer certificate" What do I miss? Thanks, Sven. -- PGP Key: https://0x80.io/pub/files/key.asc PGP Key Fingerprint: 2DF2 79CD 48DD 4D38 F0B6 7557 2E68 D557 49AA 1D99 Note: I'll be transitioning away from this key in the near future.
signature.asc
Description: OpenPGP digital signature
