hi hugo, put the rootca and intermediate ca certs in two files (one for subca1 and other for subca2)..(in the order rootca>>subca in the file)suppose it is root_subca.pem.Do this on for both subca's i.e root_subca1.pem and root_subca2.pem.and use the export command on user 1#export SSL_CERT_FILE="path to the root_subca2 cert chain"..i.e on user 1 that has a certificate signed by subca1..and similarly do this on user2 .. i hope this thing will surely wrk out for u.
Depinder On Fri, Jul 16, 2010 at 12:56 AM, Hugo Garza <hir...@gmail.com> wrote: > Hello All, I'm trying to get a basic root CA setup with an intermediate CA > to handle all the end user certificate signing. > > So far I've created a Root CA > I created an intermediate CA and signed it's certificate with the Root CA > I created an end user certificate and signed it with the intermediate CA. > > Now I want to be able to just import the Root CA and have all end user > certificates be verified. > > I tried running: > openssl verify -CAfile ../root/ca-cert.crt user.crt > > and it returns with > error 20 at 0 depth lookup:unable to get local issuer certificate > > Thanks for any help. >
