*I found the issue and fixed it but that leads to a question of security* The error is here. The x509 that I want to check I also provide as the issuer since it was issued by the same issuer.
x <== is the X509 loaded req->url = url; req->cert = x; req->issuer = x; but instead I change this and get a Good code back as a response. Using root issuer. req->url = url; req->cert = x; req->issuer = issuerRoot; <=== The x509 I want to check is 1000.pem and the issuer file I use is cacert.pem. But is having the cacert.pem available for the program secure? The root certificate I created puts the private away and we use cacert.pem. *Create CA signing key* openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password *Just want to make sure there are no mistakes here.* -- View this message in context: http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45874.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
