[openssl-users] Certificate validating (openssl -verify ...) and interpreting messages

Walter H. Walter.H at mathemainzel.info
Wed May 18 17:26:28 UTC 2016


running this:

openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt 
-trusted_first -untrusted /tmp/chain.pem /tmp/cert.pem

/tmp/chain.pem contains a root certificate
/tmp/cert.pem contains a certificate that was signed by this root 

I get the following output

/tmp/cert.pem: CN = ..., O = ..., ST = ..., C = ...
error 19 at 1 depth lookup:self signed certificate in certificate chain

of couse the number 19 means 'self signed certificate in certificate chain'
as shown here: https://www.openssl.org/docs/manmaster/apps/verify.html

but what does the number 1 (at ... depth) say?

does this reference a certificate of the whole chain, if so, which one 
the root or the other one?

Thanks for help;

Greetings from Austria,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160518/16ab358e/attachment.bin>

More information about the openssl-users mailing list