Misunderstanding openssl verify

Viktor Dukhovni openssl-users at dukhovni.org
Mon Aug 16 14:04:38 UTC 2021

> On 16 Aug 2021, at 9:41 am, Ken Goldman <kgoldman at us.ibm.com> wrote:
> Adding -check_ss_sig correctly causes a signature failure.

Well, there you are.  See the documentation of "check_ss_sig":

       Verify the signature on the self-signed root CA. This is
       disabled by default because it doesn't add any security.

> It seems as though the 'verify' command checks the issuer,
> but not the signature of the certificate - the last parameter.

As documented.


More information about the openssl-users mailing list