[openssl-users] openssl verify with crl_check_all and partial chain flags

Magar, Minoda Collins minoda.magar at collins.com
Wed Feb 6 23:31:53 UTC 2019

Hi all,

While trying to verify a client certificate using openssl verify with -crl_check_all and –partial_chain options set , I get the following error:
error 8 at 1 depth lookup: CRL signature failure
error client1.pem: verification failed

Here is the command used:
openssl verify -crl_check -crl_check_all  -CAfile ca_chain_crl.pem -partial_chain -show_chain client1.pem

ca_chain_crl.pem file has one intermediate and one root certificate and two CRLs(issued by the intermediate and root CAs).

Openssl verify without –partial_chain or –crl_check_all works.

Are we not supposed to use openssl verify with these two options set at the same time?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190206/5c904021/attachment-0001.html>

More information about the openssl-users mailing list