[openssl-users] cert chain file ordering question
J Decker
d3ck0r at gmail.com
Tue Jan 9 23:04:04 UTC 2018
The certs are built into a stack... they are pushed... so element 0 is the
last thing in the list.
The chain starts with 0, and then can search the rest.
On Tue, Jan 9, 2018 at 2:55 PM, Norm Green <norm.green at gemtalksystems.com>
wrote:
> On 1/9/2018 6:03 AM, Benjamin Kaduk wrote:
>
>> Did you try something like (with a 1.1.0 installation):
>>
>> openssl verify -CAfile RootCA.pem -untrusted chain.pem chain.pem
>>
>> with the leaf certificate as the first one in chain.pem?
>>
>
> Same result. The only way it seems to work is if the leaf cert appears at
> the end of the file.
>
> Norm
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180109/a4ddc8f1/attachment.html>
More information about the openssl-users
mailing list