> From: owner-openssl-us...@openssl.org On Behalf Of Yessica De Ascencao
> Sent: Wednesday, 16 March, 2011 16:23

> How can I verify a document that was signed with a certificate of level three?
> That is, I have a Root CA, then a certification authority and finally
> the certificate which signed the document.
> How can I check the list of trusted certificates?

Actually you're verifying a timestamped signature, not just a signature;
the principles are similar but the details are different.

> This is because I have a Root CA that issued a CERTIFIED for TSA, and
> the TSA issued a certificate for a TSS which is implemented with openTSA. When applied
> . / openssl ts-verify-data-file-in response9.tsr ACstamping-SHA256.pem cafile

That's bogus and can't possibly have done what you say. You must mean

    ./openssl ts -verify -data file -in rspfile -CAfile cafile

(assuming openssl, or a link to it, is in your data directory; that's
usually not best practice, although the program doesn't mind).
Spacing, presence or absence of hyphens, and capitalization are all critical.

> throws ... ts_rsp_verify.c:246: unable to get issuer certificate

Concatenate (at least) those three (PEM) certs into one file and give that
to -CAfile, or put them as separate (PEM) files in a directory
*with hashlinks* and give that to -CApath. I think it also works
to use a combination, but that's confusing.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
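
The two trust-store layouts described in the reply above, as an added shell example that is not part of the original message or of OpenSSL itself. The function names and the file names in the usage comment are assumptions; `make_hashlinks` needs the `openssl` binary, the other two functions do not.

```shell
#!/bin/sh
# Added example: prepare the trust material for
#   openssl ts -verify -data file -in rspfile -CAfile cafile   (or -CApath dir)

# build_cafile OUT CERT...
# Concatenate PEM certificates into one bundle for -CAfile. Every input must
# contain a certificate, and each line is re-emitted with a newline so that a
# file lacking a trailing newline cannot fuse its END marker with the next
# file's BEGIN marker (which makes the following certificate unreadable).
build_cafile() {
    out=$1; shift
    : > "$out" || return 1
    for cert in "$@"; do
        if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
            echo "not a PEM certificate: $cert" >&2
            return 1
        fi
        awk '{ print }' "$cert" >> "$out"
    done
}

# count_certs FILE
# Print how many certificates a PEM bundle holds (three for root, CA and TSS).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# make_hashlinks DIR
# Create the <subject-hash>.N symlinks that -CApath uses to look up an issuer.
# N is incremented when two certificates share the same subject hash.
make_hashlinks() {
    for cert in "$1"/*.pem; do
        h=$(openssl x509 -noout -hash -in "$cert") || return 1
        n=0
        while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$cert")" "$1/$h.$n"
    done
}

# Usage (placeholder file names, one certificate per input file):
#   build_cafile cafile root.pem ca.pem tss.pem && count_certs cafile
#   openssl ts -verify -data file -in rspfile -CAfile cafile
# or, with the certificates stored as separate files in ./certs:
#   make_hashlinks certs
#   openssl ts -verify -data file -in rspfile -CApath certs
```
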