The certs are built into a stack... they are pushed... so element 0 is the last thing in the list. The chain starts with 0, and then can search the rest.
On Tue, Jan 9, 2018 at 2:55 PM, Norm Green <[email protected]> wrote: > On 1/9/2018 6:03 AM, Benjamin Kaduk wrote: > >> Did you try something like (with a 1.1.0 installation): >> >> openssl verify -CAfile RootCA.pem -untrusted chain.pem chain.pem >> >> with the leaf certificate as the first one in chain.pem? >> > > Same result. The only way it seems to work is if the leaf cert appears at > the end of the file. > > Norm > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
