I make new path using hash name/ ".0" extension for certificat/".r0"
extension for CRL

The function: 'verify -CApath @CRLCA\ -issuer_checks -crl_check
"SignCertPEM.cer"

The result is :
SignCertPEM.cer:
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=GIP-CPS PROFESSIONNEL/CN=GIP-CPS CLASSE-1
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 35 at 0 depth lookup:key usage does not include CRL signing

Two questions :

1) Why the "subject issuer mismatch" error ? also when the result is OK

2) For this example what mean the error "key usage does not include CRL
signing" ?

Thanks

Dr Franck ROUSSIA

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org