On Wed, Dec 05, 2012, Will Nordmeyer wrote:

> On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> > On Wed, Dec 05, 2012, Will Nordmeyer wrote:
> >
> >> They are US. gov't certificates & CRLs, so providing them is a little
> >> complicated. Before I had the proper root & intermediate CAs loaded
> >> and hashed, I would get errors about missing certs in the chain.
> >> Similarly, before I loaded the CRL, it would have issues.
> >>
> >> The CERTs are in PEM formats, as well as the CRLs.
> >>
> >
> > I'd suggest you try a version of OpenSSL from the website to see if you have
> > problems with that.
> >
> > Version "1.0.0-25" or "1.0.0-fips" is not a standard OpenSSL version.
> >
> I installed 1.0.1c (and verified it is the one being called).
>
> When I first reran the commands as I listed earlier, I got
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
> I added -CApath /etc/ssl/certs and everything comes back OK again.

Try a sanity check on a certificate, for example:

openssl x509 -in TestForty_Expired.pem -noout -dates

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org