[openssl-dev] Cannot verify self-signed certificates?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Dec 15 22:56:59 UTC 2015


On 12/15/15, 17:51 , "openssl-dev on behalf of Viktor Dukhovni"
<openssl-dev-bounces at openssl.org on behalf of openssl-users at dukhovni.org>
wrote:

>>On Dec 15, 2015, at 5:30 PM, Blumenthal, Uri - 0553 - MITLL
>><uri at ll.mit.edu> wrote:
>> 
>>$ openssl verify --help
>> usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose]
>> [-crl_check] [-no_alt_chains] [-attime timestamp] [-engine e] cert1 cert2
>> ...
>
>That's fine, but have you tried it?  The option is documented in
>1.1.0, and not 1.0.2, and yet it is available in both.

Yeah… And it does not complain… Unfortunately, right now most of my cert
chains are of length 1, so I can’t give it a good try. :-(
And without a decent description of what it is supposed to do, I’m a bit
lost...

$ openssl verify -verbose -CAfile ~/Certs/RabbitMQ_CA.pem -partial_chain -purpose sslclient RabbitMQ_Dev.pem
RabbitMQ_Dev.pem: OK
$ openssl verify -verbose -CAfile ~/Certs/RabbitMQ_CA.pem -purpose sslclient RabbitMQ_Dev.pem
RabbitMQ_Dev.pem: OK
$ 
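
With chains of length 1, as in the message above, both commands report OK, so the effect of -partial_chain is not visible. The following is an added example, not part of the original post or of the OpenSSL project: it builds a constructed three-level chain and verifies the leaf with only the intermediate in -CAfile, the case where -partial_chain changes the outcome. All file and certificate names are made up, and an OpenSSL 1.1.1 or newer command-line tool is assumed.

```shell
#!/bin/sh
# Constructed throwaway PKI (root -> intermediate -> client leaf); all names are made up.
# Assumes an OpenSSL 1.1.1 or newer command-line tool on PATH.

new_req() {   # $1 = work dir, $2 = file stem, $3 = common name
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign() {      # $1 = work dir, $2 = file stem, $3 = extension section, rest = signer options
    sd=$1 stem=$2 sect=$3; shift 3
    openssl x509 -req -in "$sd/$stem.csr" -days 2 -extfile "$sd/demo.cnf" \
        -extensions "$sect" -out "$sd/$stem.pem" "$@" 2>/dev/null
}

make_chain() {   # $1 = empty work dir
    cat > "$1/demo.cnf" <<'EOF' || return 1
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign
[leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    new_req "$1" root "Demo Root" && sign "$1" root ca -signkey "$1/root.key" &&
    new_req "$1" inter "Demo Intermediate" &&
    sign "$1" inter ca -CA "$1/root.pem" -CAkey "$1/root.key" -CAcreateserial &&
    new_req "$1" leaf "Demo Client" &&
    sign "$1" leaf leaf -CA "$1/inter.pem" -CAkey "$1/inter.key" -CAcreateserial
}

# Verify the leaf with ONLY the intermediate in -CAfile; the root is deliberately absent.
verify_leaf() {  # $1 = work dir, rest = extra `openssl verify` options
    vd=$1; shift
    openssl verify -CAfile "$vd/inter.pem" -purpose sslclient "$@" "$vd/leaf.pem" >/dev/null 2>&1
}

work=$(mktemp -d) && make_chain "$work" || exit 1
for opt in "" -partial_chain; do
    if verify_leaf "$work" $opt; then r=OK; else r=rejected; fi
    echo "intermediate-only trust store, option '${opt}': $r"
done
rm -rf "$work"
```

Without the option, verification fails because the chain cannot be completed to a self-signed root; with it, the intermediate found in the trust store is accepted as the trust anchor.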