[openssl-users] verify certificate chain (in memory)
ls00722 at yahoo.com
Sun Mar 6 01:19:52 UTC 2016
I just tried combine root and intermediate into single file.
I got "unable to get local issuer certificate" error.
I guess my code is wrong since I am not able to find a complete example on how to verify a in-memory certificate.
All examples are based on the fact that certificate is a file (thus use LOOK_UP API, etc).
----- Original Message -----
From: Ángel González <angel at tls.16bits.net>
To: openssl-users at openssl.org
Sent: Saturday, March 5, 2016 8:44 AM
Subject: Re: [openssl-users] verify certificate chain (in memory)
Lei Sun wrote:
> In my project I need to verify certificate chain sent from server.
> The chain has root->inter mediate -> server, 3 level chain. The
> server certificate files can be verified by "openssl verify" command:
> openssl verify -CAfile root.crt server.crt
> But I had to combine the root cert and intermediate cert into single
> file, to verify the whole chain via command line.
Have you tried combining the intermediate and the server cert into a
single file? That should work, and is more akin to the actual behavior
(the server sends its certificate plus any intermediates, and the
client should only need the root).
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users