openssl verify with concatenated CA
b_duvvuri at yahoo.com
Wed Dec 21 17:26:18 UTC 2022
I have a concatenated file containing the root CA and intermediate CA (say concat.pem, having the 2 CA certificates) copied to a directory, say "ca".
I have an entity certificate (cert1) signed by the above intermediate CA (say inter.pem).
The observation is:
This command works: openssl verify -CAfile ca/concat.pem cert1
This command does not work: openssl verify -CApath ca cert1 (the ca directory has concat.pem in hash.0 format)
But if we copy the intermediate CA as well to the ca/ directory, the above command works.
If verification with -CAfile with a concatenated CA file works, then when the same file is present in the "ca" directory and that directory is specified with the -CApath option, why does verification fail?