[openssl-users] Fwd to openssl-users Re: [openssl-dev] Why the issuer cannot be found?

Erwann Abalea erwann.abalea at opentrust.com
Fri Apr 3 08:56:54 UTC 2015

(Forwarded to openssl-users)

The subjectName of file4.pem matches the issuerName of file3.pem, the 
signature block in file3.pem, when verified with the public key of 
file4.pem, gives a correct signature for the tbsCertificate of file3.pem.
But Openssl also (incorrectly, IMO) checks that file4.pem.SKI matches 
file3.pem.AKI, and refuses to go further (here, AKI doesn't match SKI).


Le 03/04/2015 03:10, Yuting Chen a écrit :
> I used OpenSSL to verify a certificate file (file3.pem) against 
> another certificate file (file4.pem). OpenSSL reports that it cannot 
> find the issuer of the cert in file3.pem; while when I displays 
> file3.pem and file4.pem, it appears that the issuer of the cert in 
> file3.pem is the same as the subject of the cert in file4.pem. Did I 
> miss anything?

More information about the openssl-users mailing list