> > openssl verify -CAfile chain.crt my.cert.crt
>
> IF you have installed some 'common' or 'standard' CAs in your
> system's default truststore -- or if you're using a packaged
> build that does so for you -- turn that off to make sure it
> doesn't silently 'fill in' certs for you, something like:
>
> openssl verify -CAfile chain.crt -CApath /dev/null my.cert.crt
>

Thanks, that makes sense. However, the output is basically the same as the original error when I was using the "-chain" command.

error 20 at 0 depth lookup:unable to get local issuer certificate

I spent a long time on the phone with Network Solutions today and they claim up and down the river that it is not their problem. However, when I generate a p12 file with the chain files they supplied and last year's certificate, it works fine. When I create a p12 with the same chain files and options but use this year's certificate -- doesn't work.

OR using the verify comparison, last year's crt w/ this year's chain file:

../p12/www.example.com.crt: OK

versus the above error output.

The only way they will give any feedback is at $60/half hour. Nice support team.

--
"Beware of all enterprises that require new clothes." -- Henry David Thoreau
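An added example, not part of the original thread: error 20 at depth 0 means OpenSSL found no certificate whose subject matches the leaf's issuer, so this script compares the leaf's issuer-name hash against the subject-name hash of every certificate in the chain file before running the isolated verify quoted above. The function names are hypothetical and the file names are whatever you pass in; a name match is necessary but not sufficient, which is why `openssl verify` still runs afterwards.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the thread.

# Print the subject-name hash of every certificate in a PEM bundle.
# `openssl x509` reads only the first certificate in a file, so each
# PEM block is split out by awk and piped to openssl separately.
bundle_subject_hashes() {
    awk 'BEGIN { cmd = "openssl x509 -noout -subject_hash" }
         /-----BEGIN CERTIFICATE-----/ { buf = ""; on = 1 }
         on { buf = buf $0 "\n" }
         /-----END CERTIFICATE-----/ {
             printf "%s", buf | cmd
             close(cmd)
             on = 0
         }' "$1"
}

# Return 0 if some certificate in the bundle has the leaf's issuer name
# as its subject, 1 if none does (the "error 20 at 0 depth" situation),
# 2 if the leaf itself cannot be parsed.
issuer_in_bundle() {
    leaf=$1
    bundle=$2
    want=$(openssl x509 -in "$leaf" -noout -issuer_hash) || return 2
    bundle_subject_hashes "$bundle" | grep -x "$want" >/dev/null
}

# Show the leaf's issuer, report whether the bundle can supply it, and
# only then run the verify with the default trust store disabled.
diagnose() {
    leaf=$1
    bundle=$2
    openssl x509 -in "$leaf" -noout -issuer
    if issuer_in_bundle "$leaf" "$bundle"; then
        echo "issuer name present in $bundle; running isolated verify"
        openssl verify -CAfile "$bundle" -CApath /dev/null "$leaf"
    else
        echo "no certificate in $bundle has the leaf's issuer as subject"
        return 1
    fi
}

# Usage: sh check_issuer.sh my.cert.crt chain.crt
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```

If the name check fails, compare the issuer line it prints with the subjects in the chain file the CA supplied; the new certificate may have been issued under a different intermediate than the previous one.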