[openssl-users] Certificate validating (openssl -verify ...) and interpreting messages

Viktor Dukhovni openssl-users at dukhovni.org
Wed May 18 19:10:16 UTC 2016


> On May 18, 2016, at 1:26 PM, Walter H. <Walter.H at mathemainzel.info> wrote:
> 
> openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt -trusted_first -untrusted /tmp/chain.pem /tmp/cert.pem
> 
> /tmp/chain.pem contains a root certificate
> /tmp/cert.pem contains a certificate that was signed by this root certificate;
> 
> I get the following output
> 
> /tmp/cert.pem: CN = ..., O = ..., ST = ..., C = ...
> error 19 at 1 depth lookup:self signed certificate in certificate chain
> 
> of couse the number 19 means 'self signed certificate in certificate chain'
> as shown here: https://www.openssl.org/docs/manmaster/apps/verify.html
> 
> but what does the number 1 (at ... depth) say?

It means that while constructing a chain, the immediate issue of the
leaf certificate was an untrusted self-signed certificate.  The leaf
certificate has depth 1, its issuer has depth 0.

-- 
	Viktor.



More information about the openssl-users mailing list