On Wed, 29 Oct 2008, Sven Garly wrote:

> What I don't seem to be able to do is verify 3 with 2: openssl verify
> -CAfile 2 3
>
> I get:
> 3: /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=2
> error 2 at 1 depth lookup:unable to get issuer certificate
>
> What am I doing wrong? Should I be able to verify a chain of certificates
> one at a time (i.e.verify 2 against 1 then later 3 against 2)?


Read the error message? OpenSSL doesn't know where to get 1's certificate
(the issuer of 2's certificate). It can't pull it out of thin air. Try
appending the contents of file 1 to file 2. (adding 1's certificate to 2's
bundle).

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org |
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org