openssl verify with concatenated CA

Bala Duvvuri b_duvvuri at yahoo.com
Wed Dec 21 17:26:18 UTC 2022


I have a concatenated file containing the root CA and intermediate CA (say concat.pem, having the 2 CA certificates) copied to a directory, say "ca".

I have an entity certificate (cert1) signed by the above intermediate CA (say inter.pem).

The observation is:

This command works: openssl verify -CAfile ca/concat.pem cert1

This command does not work: openssl verify -CApath ca cert1 (the ca directory has concat.pem in hash.0 format)
But if we copy the intermediate CA as well to the ca/ directory, the above command works.

If verification with -CAfile with a concatenated CA file works, then when the same file is present in the "ca" directory and that directory is specified as the option to -CApath, why does verification fail?

Thanks
Bala
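
A reproduction of the setup described above, as an added example that is not part of the original post: -CApath opens files by the subject-name hash of the issuer it is looking for, so a bundle stored under a single hashed name leaves no file to find for the other certificate. The throwaway PKI, its names (Demo Root, Demo Intermediate, cert1.example) and the root-first order inside concat.pem are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: builds a constructed root -> intermediate -> cert1 chain in a
# temp directory and compares -CAfile with two -CApath directory layouts.
capath_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    trap 'rm -rf "$d"' EXIT
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext

    newcsr() {  # newcsr NAME CN -> NAME.key and NAME.csr
        openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
            -out "$1.csr" -subj "/CN=$2" 2>/dev/null
    }
    newcsr root "Demo Root"
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 2 -out root.pem 2>/dev/null
    newcsr inter "Demo Intermediate"
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -extfile ca.ext -days 2 -out inter.pem 2>/dev/null
    newcsr cert1 "cert1.example"
    openssl x509 -req -in cert1.csr -CA inter.pem -CAkey inter.key \
        -CAcreateserial -days 2 -out cert1.pem 2>/dev/null

    # Assumed order: root first, so "openssl x509" reads the root from concat.pem.
    cat root.pem inter.pem > concat.pem

    # Layout 1: the whole bundle under one hashed name (the first cert's hash).
    mkdir flat split
    cp concat.pem "flat/$(openssl x509 -in concat.pem -noout -subject_hash).0"

    # Layout 2: one certificate per file, each named by its own subject hash.
    for c in root inter; do
        cp "$c.pem" "split/$(openssl x509 -in "$c.pem" -noout -subject_hash).0"
    done

    check() {
        if openssl verify "$@" cert1.pem >/dev/null 2>&1; then
            echo ok
        else
            echo fail
        fi
    }
    echo "cafile=$(check -CAfile concat.pem)" \
         "flat=$(check -CApath flat)" \
         "split=$(check -CApath split)"
)
```

Calling capath_demo prints one line with the result of each of the three verifications; running the failing case by hand without the output redirection shows the error openssl reports for the missing issuer.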

