intermediate CA
Hello, My question is: I created a certificate chain: usr.cert-CA_1.cert-CA.cert. where CA.cert is self-signed certificate and is imported as trusted certificate. Signing CA_1's request with CA's private key and certificate generates CA_1.cert. Signing usr's request with CA_1's private key and CA_1.cert generates usr.cert. However, when I tried to verify the certificate chain using a third party software, I got the following error: CA_1.cert is not a valid CA. But with certificate chain containing only two certificates: usr.cert-CA.cert, the verification is ok. SO my question is that how can i create a valid intermediate CA? Thanks, Wu __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: verify the digital signature
Thanks, Nils. But which openssl command can I use to generate a public key file or extract public key from certificate file? On Thu, 13 Nov 2003, Nils Larsch wrote: Jia L Wu wrote: Hi, I used the following command to creat a signature. openssl dgst -sign private_keyFile -out outFile inputFile However why the signature can not be verified using corresponding self-signed certificate. openssl dgst -signature signatureFile -verify certFile inputFile What's wrong? Thanks. What's the error message ? Btw: the '-verify' option expects a public key (and not a certificate). Nils __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
verify the digital signature
Hi, I used the following command to creat a signature. openssl dgst -sign private_keyFile -out outFile inputFile However why the signature can not be verified using corresponding self-signed certificate. openssl dgst -signature signatureFile -verify certFile inputFile What's wrong? Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
pkcs7 file in crypto/pkcs7/p7 and crypto/pkcs7/t
Hi, Can anyone tell me what file formate are the files in crypto/pkcs7/p7/ and crypto/pkcs7/t/ driectories? For the files in p7 directory, I can not load them using openssl pkcs7 command either in der or pem form. For the most files in t directory, openssl pkcs7 -text -noout returns nothing. Thanks! Wu __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]