Thank You Marek My program work fine with my own cert/private key, but give the following error if I load with real supposed certificate at client program.
~Error with certificate at depth: 0 issuer = /DC=dev/DC=jwrn/CN=JWRN Development subject = /DC=dev/DC=jwrn/CN=Users/CN=mon error 26:unsupported certificate purpose client2.c:67 Error Connecting SSL object 3083613872:error:14090086:SSL routine: SSL_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:884; Do you know what it means?? Client's cert format wrong ??? Please help TD -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Tuesday, July 03, 2007 17:31 To: openssl-users@openssl.org Subject: Re: Looking for command in openssl to verify CA Hello, > I have a couple CA certificates and couple Cert/Private keys. What > command in openssl allow me to see what Cert/Private keys belong to > what CA ?? To find certificate and private key pair: $ openssl x509 -in vpn-server-crt.pem -modulus -noout Modulus=DDACB7ED10A3AE69E7FB0320471C0C3F9C6A3BC... $ openssl rsa -in vpn-server-key.pem -modulus -noout Modulus=DDACB7ED10A3AE69E7FB0320471C0C3F9C6A3BC... To find CA and certificate pair: $ openssl x509 -in vpn-server-crt.pem -issuer -noout issuer= __issuer_information__ $ openssl x509 -in cacert.pem -subject -noout subject= __issuer_information__ To verify certificate: $ openssl verify -CAfile cacert.pem vpn-server-crt.pem vpn-server-crt.pem: OK Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
