The depth should be greater than or equal to the depth of the CA chain. i.e. if
you have:
Certificate
Intermediate CA 1
Intermediate CA 2
Root CA
... you need a depth of 4.
More specifically if the Root CA is not found within your verify depth, then the
verification will fail.
There is a more extensive discussion of this issue recently in the past so just
check out the archive.
G.
"Auteria Wally Winzer Jr." <[EMAIL PROTECTED]> on 12/01/2001 22:19:09
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: (bcc: George Shaw/EMEA/Viewlocity)
Subject: -verify option for s_client
Can someone provide an example of the -verify depth option
for s_client. I'm trying to verify the cert/key and don't know
what arg for the depth to use. This is what I have so far:
openssl s_client -connect localhost:993 -verify <what to use?>
Thanks.
- Wally Winzer Jr.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
