verify without issuer-certificate?

[ch]

hi!

Can I verify a message or just a certificate WITHOUT having all the 
issuer certificats (up to the RootCA) in my store??
Is there a option in the commandline tools? I was not able to find one 
in the man-pages.


thanks,
chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: verify without issuer-certificate?

[Bernhard Froehlich]

Am 19.04.2011 09:19, schrieb ch:

hi!

Can I verify a message or just a certificate WITHOUT having all the 
issuer certificats (up to the RootCA) in my store??
Is there a option in the commandline tools? I was not able to find one 
in the man-pages.




You can verify a message without checking the certificate's validity by 
using the -noverify option of openssl smime 
(http://www.openssl.org/docs/apps/smime.html#-noverify).


You can not check a certificate's validity without the certificate chain 
leading to a CA certificate trusted by you (not necessarily, but usually 
a root certificate). And it would not make any sense either.


Hope it helps
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: verify without issuer-certificate?

[faraz]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org