Ajeet kumar.S wrote:
>
> Dear All,
>
> I want to verify the peer certificate (server
> certificate). For that we need CA Certificate, Let me know we required
> ROOT CA certificate in PEM format or in any other format, open ssl
> will support.
>
> Actually I called *SSL_CTX_load_verify_locations()* after that I
> called *SSL_CTX_set_verify()*.
>
> But I saw response: certificate expire. But I saw in certificate it
> is mention end validation date in 2014.Actually I converted *.der*
> format certificate to *.pem* format using openssl utility. I tried
> *.der* certificate directly but also not get success. Please let me
> know what is reason behind it? How we can remove this error?
>
You can use the "openssl verify" command line tool to verify the state
of the
certificate chain (expiry, purpose, completeness of the chain). The internal
verification mechanisms called during SSL session setup use the same
routines.
Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
