Notes on Reference Citations - Version 2.70, by Dr. Herong Yang
'Validating a Certificate Path with OpenSSL' tutorial was cited in an it1352.com blog in 2016.
Subject: SSL证书链包如何工作？(How does an SSL certificate chain bundle work?)
Date: Nov 15, 2016
Author: IT屋
Source: http://www.it1352.com/505844.html

I've created a chain hierarchy like this.

root-ca ==> signing-ca ==> subordinate-ca ==> server

It is mentioned to create chain bundle, the lowest should go first.

$ cat server.crt subordinate-ca.crt signing-ca.crt > server.pem

But verification fails.

$ openssl verify -CAfile root-ca.crt server.pem
error 20 at 0 depth lookup:unable to get local issuer certificate

However, if I change the order it seems to work.

$ cat signing-ca.crt subordinate-ca.crt server.crt > server.pem
$ openssl verify -CAfile root-ca.crt server.pem
server.pem: OK

So what would be the error here?
...

More info: According to "http://www.herongyang.com/crypto/openssl_verify_2.html", I perform the following test which works.

$ cat signing-ca.crt subordinate-ca.crt > inter.crt
$ openssl verify -CAfile root-ca.crt -untrusted inter.crt server.crt
server.crt: OK

Does that mean all the links are good?
...
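The invocations quoted above, reproduced against a throwaway hierarchy as an added example (not part of the cited post or the tutorial). It relies on the fact that `openssl verify` reads only the first certificate of each target file; the `unrelated` certificate, the file names other than those in the post, and the helpers `issue`, `check` and `run_demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every certificate and name here is constructed throwaway test
# data mirroring the question: root-ca -> signing-ca -> subordinate-ca -> server.

issue() {  # issue NAME EXTFILE [ISSUER]; self-signed when ISSUER is omitted
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ -n "${3:-}" ]; then
        openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
            -CAcreateserial -days 2 -extfile "$2" -out "$1.crt" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
            -extfile "$2" -out "$1.crt" 2>/dev/null
    fi
}

check() {  # run one `openssl verify` and print OK or FAIL
    if openssl verify "$@" 2>&1 | grep -q ': OK$'; then echo OK; else echo FAIL; fi
}

run_demo() (  # subshell body: the cd and trap do not leak into the caller
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    echo 'basicConstraints=CA:FALSE' > leaf.ext
    issue root-ca ca.ext &&
    issue signing-ca ca.ext root-ca &&
    issue subordinate-ca ca.ext signing-ca &&
    issue server leaf.ext subordinate-ca &&
    issue unrelated leaf.ext || exit 1   # self-signed, outside the hierarchy

    # 1. Leaf first: only server.crt is read as the target; no intermediates are supplied.
    cat server.crt subordinate-ca.crt signing-ca.crt > leaf-first.pem
    echo "leaf-first=$(check -CAfile root-ca.crt leaf-first.pem)"
    # 2. CA first: the target is now signing-ca.crt, so OK says nothing about server.crt.
    cat signing-ca.crt subordinate-ca.crt server.crt > ca-first.pem
    echo "ca-first=$(check -CAfile root-ca.crt ca-first.pem)"
    # 3. The same OK appears even when an unrelated certificate follows signing-ca.crt.
    cat signing-ca.crt unrelated.crt > mixed.pem
    echo "mixed=$(check -CAfile root-ca.crt mixed.pem)"
    # 4. Intermediates passed as -untrusted: the whole path up from server.crt is checked.
    cat signing-ca.crt subordinate-ca.crt > inter.crt
    echo "untrusted=$(check -CAfile root-ca.crt -untrusted inter.crt server.crt)"
    # 5. Control: the unrelated certificate fails when it is the actual target.
    echo "unrelated=$(check -CAfile root-ca.crt -untrusted inter.crt unrelated.crt)"
)

run_demo
```

Of the forms shown, only the `-untrusted` one validates `server.crt` itself; a bundle file passed as the target is checked for its first certificate and nothing else.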