On 15-07-2010 21:26, Hugo Garza wrote:
Hello All, I'm trying to get a basic root CA setup with an intermediate CA
to handle all the end user certificate signing.

So far I've created a Root CA.
I created an intermediate CA and signed its certificate with the Root CA.
I created an end user certificate and signed it with the intermediate CA.

Now I want to be able to just import the Root CA and have all end user
certificates be verified.

I tried running:
openssl verify -CAfile ../root/ca-cert.crt   user.crt

and it returns with
error 20 at 0 depth lookup:unable to get local issuer certificate

Thanks for any help.

All of the certificates in the chain from user.crt to ca-cert.crt
(inclusive) need to be provided as input. It is your choice if the
intermediary cert is included in ca-cert.crt or in user.crt.

In a real application/protocol (such as SSL), the intermediary cert
would typically be included in the appropriate protocol or message
field.  SSL/TLS puts the list of certificates in the "Certificate"
handshake message; S/MIME (CMS/PKCS#7) puts the list of certificates
in the "certificates" member of the SignedData ASN.1 structure.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
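
The situation in this thread, reproduced end to end as an added example that is not part of the original messages: a throwaway root, intermediate and user certificate are built, then verified with the root alone, with the intermediate passed via `-untrusted`, and with the intermediate placed in the `-CAfile` bundle. All file names and subject names are constructed for the demo, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed throwaway PKI: root -> intermediate -> user. All names are assumptions.
build_chain() (   # $1 = empty working directory; body runs in a subshell
    set -e; cd "$1"
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root CA.
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Root CA" -days 1 -keyout root.key -out root.crt
    # Intermediate CA: CSR signed by the root, with CA:TRUE so it may issue certs.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Intermediate CA" -keyout int.key -out int.csr
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -extfile ca.cnf -extensions v3_ca -days 1 -out int.crt
    # End-user certificate: CSR signed by the intermediate.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed User" -keyout user.key -out user.csr
    openssl x509 -req -in user.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 1 -out user.crt
    # Trust bundle holding both CA certificates.
    cat root.crt int.crt > bundle.crt
) >/dev/null 2>&1

chain_ok() {      # arguments go to `openssl verify`; succeeds only on an "OK" result
    openssl verify "$@" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d)
build_chain "$work"
# Root only: the user cert's issuer (the intermediate) cannot be found -> error 20.
chain_ok -CAfile "$work/root.crt" "$work/user.crt" || echo "root only: fails"
# Intermediate supplied as an untrusted chain cert; only the root is a trust anchor.
chain_ok -CAfile "$work/root.crt" -untrusted "$work/int.crt" "$work/user.crt" \
    && echo "root + -untrusted intermediate: OK"
# Intermediate placed in the trusted file alongside the root.
chain_ok -CAfile "$work/bundle.crt" "$work/user.crt" && echo "root+intermediate bundle: OK"
```

With `-untrusted`, the intermediate is used only for chain building and the chain must still end at the root in `-CAfile`; in the bundle variant the intermediate itself becomes trusted.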
