Salz, Rich wrote:
>
> The following certs were generated using a popular commercial CA.
>
> The cert-sign cert verifies okay; the cert-sign cert does NOT verify
Err would you like to try that again but without the contradiction this
time? :-)
> the crl-sign cert -- OpenSSL verify command claims the padding is wrong.
>
> Any clues? Any die-hard DER bit-twiddlers have any advice?
>
Seems like it doesn't like that certificates signature. I've tried IE5
on the same certificates and it also says cert-sign is OK but crl-sign
has an invalid signature.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
