[openssl-users] How to prove a Certificate is Signed or not

morthalan morthalaanilreddy at gmail.com
Thu May 3 12:26:44 UTC 2018 

Sorry for the insufficient explanation on what I did.

I have implemented one c++ code(csrReq.cpp) to generate certificate signing
request(certReq.pem) along with private key(csrPkey.pem). Another c++ code
(signcode.cpp)is to read the user data from certReq.pem and generate the
Signed Certificate(SignedCertificate.pem).

Here the public key will be included in certReq.pem. So signcode.cpp will
take the public from from certReq.pem then generate  SignedCertificate.pem
using it. 

After the generation of SignedCertificate.pem. I would like to write
function to verify the SignedCertificate.pem, whether it is signed or not.

Is there any possibility to check the signature of SignedCertificate.pem.



d3x0r wrote
> a root cert is the self signed cert.
> 
> 
> On Thu, May 3, 2018 at 2:50 AM, morthalan <

> morthalaanilreddy@

> >
> wrote:
> 
>> But In my case, I do not have any root certificate. I have only one
>> signed
>> certificate (SignedCertificate.pem) and one certificate signing request
>> (certReq.pem) . So when I use it as below
>>
>> openssl verify -CAfile SignedCertificate.pem SignedCertificate.pem
>>
>> I am getting error  "error 20 at 0 depth lookup:unable to get local
>> issuer
>> certificate".
>> I believe it is for verifying certificate chain trust. Correct me if I am
>> wrong. Is there anyway to manipulate it?
>>
>>
>> Richard Levitte - VMS Whacker-2 wrote
>> > openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem
>> >
>> > Hope that helped
>> >
>> > Cheers,
>> > Richard
>> >
>> > openssl-users mailing list
>> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
>>
>>
>>
>> --
>> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users





--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

More information about the openssl-users mailing list