[openssl-users] openssl verify with crl_check_all and partial chain flags
Magar, Minoda Collins
minoda.magar at collins.com
Wed Feb 6 23:31:53 UTC 2019
Hi all,
While trying to verify a client certificate using openssl verify with -crl_check_all and –partial_chain options set , I get the following error:
error 8 at 1 depth lookup: CRL signature failure
error client1.pem: verification failed
Here is the command used:
openssl verify -crl_check -crl_check_all -CAfile ca_chain_crl.pem -partial_chain -show_chain client1.pem
ca_chain_crl.pem file has one intermediate and one root certificate and two CRLs(issued by the intermediate and root CAs).
Openssl verify without –partial_chain or –crl_check_all works.
Are we not supposed to use openssl verify with these two options set at the same time?
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190206/5c904021/attachment-0001.html>
More information about the openssl-users
mailing list