Re: issues with the openssl command-line tool

2006-07-18 Thread Marek Marcola
Hello,

> Don't know the specifics but you do need all certs
> till the root CA for verification in the web of
> trust model.

Yes, and the file cacert.pem can have many certificates or in other words - all needed. Just add to this file all CA certificates from your verify path.

Best regards,
--

Re: issues with the openssl command-line tool

2006-07-18 Thread Girish Venkatachalam
Don't know the specifics but you do need all certs till the root CA for verification in the web of trust model. You navigate up and up with the issuername matching the subject name until both are same.

HTH

--- "Michael P. Soulier" <[EMAIL PROTECTED]> wrote:

> Marek Marcola wrote:
> > Maybe

Re: issues with the openssl command-line tool

2006-07-18 Thread Michael P. Soulier
Marek Marcola wrote:

> Maybe good and acceptable solution to this problem will be
> just always checking newly created certificate,
> for example with command:
> $ openssl verify -CAfile cacert.pem new_cert.pem
> This should give you information on generated certificate status
> independentl

Re: issues with the openssl command-line tool

2006-07-18 Thread Marek Marcola
Hello,

> > I think that this returns proper return code, for example
> > (some prepared errors):
>
> I'll have to confirm, but this did not appear to be the case if the tool
> failed to sign a csr due to a preexisting CN already issued in a cert. I
> found just a size-zero file created.

Maybe goo

Re: issues with the openssl command-line tool

2006-07-18 Thread Michael P. Soulier
Marek Marcola wrote:

> I think that this returns proper return code, for example
> (some prepared errors):

I'll have to confirm, but this did not appear to be the case if the tool failed to sign a csr due to a preexisting CN already issued in a cert. I found just a size-zero file created.

Mike
--

Re: issues with the openssl command-line tool

2006-07-17 Thread Marek Marcola
Hello,

> When I try to sign CSRs for my CA to create client certificates the
> openssl command-line tool returns 0, regardless of whether it succeeded
> or failed. Should it not be returning a non-zero value if it failed to
> sign the CSR for some reason?
>
> This is crucial when wrappering the op

issues with the openssl command-line tool

2006-07-17 Thread Michael P. Soulier
Hello,

When I try to sign CSRs for my CA to create client certificates the openssl command-line tool returns 0, regardless of whether it succeeded or failed. Should it not be returning a non-zero value if it failed to sign the CSR for some reason?

This is crucial when wrappering the openssl tool
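
The check suggested in this thread, written as a shell function for a wrapper script (an added example, not code posted by anyone in the thread): it rejects a missing or size-zero certificate file, then runs `openssl verify -CAfile` and requires both a zero exit status and the `: OK` result line. The function name `check_issued_cert` and its return codes 2 and 3 are assumptions made for this example.

```shell
# Added example: post-issuance check for a script that wraps the openssl tool.
# check_issued_cert is a hypothetical helper; return codes 2 and 3 are
# conventions chosen for this example, not openssl's own.
check_issued_cert() {
    ca_bundle=$1   # file holding every CA certificate in the verify path
    new_cert=$2    # certificate the signing step was supposed to write

    # A failed signing run can leave a size-zero output file behind,
    # so test for "exists and is non-empty" before anything else.
    if [ ! -s "$new_cert" ]; then
        echo "issuance failed: $new_cert is missing or empty" >&2
        return 2
    fi
    if [ ! -s "$ca_bundle" ]; then
        echo "CA bundle $ca_bundle is missing or empty" >&2
        return 2
    fi

    # Do not rely on the signing command's exit status alone: verify the
    # new certificate against the CA bundle as an independent check.
    if ! out=$(openssl verify -CAfile "$ca_bundle" "$new_cert" 2>&1); then
        echo "$out" >&2
        return 3
    fi

    # Require the explicit "<file>: OK" result as well as exit status 0.
    case $out in
        *": OK"*) return 0 ;;
        *) echo "$out" >&2; return 3 ;;
    esac
}
```

A wrapper would call `check_issued_cert cacert.pem new_cert.pem` right after the signing step and stop on any non-zero result.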