On 2005.05.24 at 11:14:08 +0100, Chris Covell wrote:

> But if I try and verify the signature using (as described in the
> OpenSSL command line manual):
>
> openssl smime -verify -inform PEM -in signature.pk7 -signer
> signer_pub.key -certfile certs.pem -content content
>
> I get the message:
>
> Verification failure
> 1319:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
> error:pk7_smime.c:222:Verify error:unable to get local issuer
> certificate
>
> I am sure I am nearly there, can anyone help me please?

It asks for the local (i.e. trusted) certificate of the security authority that issued (i.e. signed) the signer's certificate. Either provide the path to the place where your trusted certificates are stored using the -CAfile or -CAdir argument, or specify -noverify to prevent it from verifying the certificate chain.

OpenSSL understands two forms of CA certificate storage:

1. CAfile - a file where PEM-formatted certificates are just concatenated
2. CAdir - a directory containing individual PEM certificate files whose names are hashes obtained by the openssl x509 -hash command.
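
The two CA storage forms and the -noverify fallback from the reply, as an added example that is not part of the original thread: a shell script that builds a throwaway CA and signer (all names and paths are constructed) and verifies a detached signature four ways. In the openssl smime command the directory option is spelled -CApath; the -noverify run succeeds only because it skips the signer's certificate chain check.

```shell
#!/bin/sh
# Added example: throwaway CA and signer, all names constructed for illustration.
W=$(mktemp -d)    # scratch directory (assumed to contain no spaces)

setup() {
  # Root CA: the "local issuer" that verification needs to find and trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null || return 1
  # Signer key and certificate, issued by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Signer" \
    -keyout "$W/signer.key" -out "$W/signer.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$W/signer.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
    -CAcreateserial -days 1 -out "$W/signer.pem" 2>/dev/null || return 1
  # Detached PKCS#7 signature over a small content file.
  printf 'hello\n' > "$W/content"
  openssl smime -sign -binary -in "$W/content" -signer "$W/signer.pem" \
    -inkey "$W/signer.key" -outform PEM -out "$W/signature.pk7" || return 1
  # Form 1 is ca.pem itself (one or more PEM certificates concatenated).
  # Form 2: a directory holding each CA certificate as <subject-hash>.0
  mkdir -p "$W/cadir" || return 1
  cp "$W/ca.pem" "$W/cadir/$(openssl x509 -hash -noout -in "$W/ca.pem").0"
}

# verify [trust options]: returns openssl's exit status, stderr kept in $W/err
verify() {
  openssl smime -verify -binary -inform PEM -in "$W/signature.pk7" \
    -content "$W/content" -out /dev/null "$@" 2>"$W/err"
}

setup || { echo "setup failed" >&2; exit 1; }
for opts in "" "-CAfile $W/ca.pem" "-CApath $W/cadir" "-noverify"; do
  # $opts is deliberately unquoted so the option and its value split.
  if verify $opts; then r="ok"; else r="FAILED: $(tail -n 1 "$W/err")"; fi
  printf '[%s] %s\n' "${opts:-no trust option}" "$r"
done
```

The signature embeds the signer's certificate, so only the issuing CA has to be supplied at verification time.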