[openssl-users] openssl verify reporting errors where there are none

Dr. Stephen Henson steve at openssl.org
Tue May 3 13:27:17 UTC 2016


On Tue, May 03, 2016, Graham Leggett wrote:

> Hi all,
> 
> I am trying to use "openssl verify" as a sanity check to determine whether a set of certificates are sane and valid in a script that issues (or reissues) the certificates, and I'm struggling with the output of the "openssl verify" command.
> 
> This is output I get while verifying three certificates in a chain:
> 
> minfrin at localhost:~$ openssl verify -issuer_checks -trusted root-ca.crt -untrusted intermediate.crt cert.crt 
> Is there a way to suppress these spurious messages so I only see actual errors?
> 

Don't use -issuer_checks: it prints debugging information about certificates
rejected during the verify process and it is quite normal for you to get that
kind of output.

Since this option is often the cause of confusion it has been removed from
OpenSSL 1.1.0.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
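
A script-side version of the check discussed in this thread, as an added example (not code from the original posts or from the OpenSSL project): it builds a constructed throwaway chain and judges the result by the exit status of `openssl verify` run without `-issuer_checks`. The function names, subject names and the `ca.cnf` file are assumptions made for the example; the certificate file names follow the question.

```shell
#!/bin/sh
# Build a constructed root -> intermediate -> leaf chain in directory $1.
# Test data only; runs in a subshell so the caller's working directory is kept.
make_constructed_chain() (
    cd "$1" || exit 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
EOF
    {
        openssl req -x509 -config ca.cnf -extensions ca -newkey rsa:2048 -nodes \
            -keyout root.key -out root-ca.crt -subj "/CN=Constructed Root" -days 2 &&
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
            -keyout int.key -out int.csr -subj "/CN=Constructed Intermediate" &&
        openssl x509 -req -in int.csr -CA root-ca.crt -CAkey root.key \
            -set_serial 2 -extfile ca.cnf -extensions ca \
            -out intermediate.crt -days 2 &&
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
            -keyout leaf.key -out leaf.csr -subj "/CN=constructed.example" &&
        openssl x509 -req -in leaf.csr -CA intermediate.crt -CAkey int.key \
            -set_serial 3 -out cert.crt -days 2
    } >/dev/null 2>&1
)

# verify_chain ROOT INTERMEDIATE LEAF
# Returns the exit status of "openssl verify"; prints its output only on failure.
# -issuer_checks is deliberately not passed: per the reply above it only adds
# debugging output about candidate issuers rejected along the way.
verify_chain() {
    out=$(openssl verify -trusted "$1" -untrusted "$2" "$3" 2>&1)
    status=$?
    [ "$status" -eq 0 ] || printf '%s\n' "$out" >&2
    return "$status"
}

# Demo on the constructed chain.
demo=$(mktemp -d) && make_constructed_chain "$demo" &&
    verify_chain "$demo/root-ca.crt" "$demo/intermediate.crt" "$demo/cert.crt" &&
    echo "chain verifies"
```

In an issuing script, call `verify_chain` on the freshly written files and abort on a non-zero return; anything it prints is then a real verification error.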

