This post has NOT been accepted by the mailing list yet.
This post was updated on .
Hi at all! I'm no OpenSSL expert, but I fully understand how certificates and cryptography works.
Anyway, I have bought a digital certificate from a trusted CA. They gave me my certificate, its private key, and other CA certificates which are part of the chain. They were packed into a PFX file, so I exported them into single PEM files (the ones with base64 encoded data).
I use OpenSSL like this:
openssl cms -nosmimecap -md sha256 -binary -nodetach -outform DER -sign -signer mycert.pem -inkey mykey.pem -in filetosign.txt -out signedfile.cms I strictly need a non-detached signature.
If I verify my signed file with the loads of tool available online, they say my signature is not trusted.
So, I think it's something to do with CA certificates which my CA gave me.
I tried with the -certfile command, specifing CA certificates, but nothing.
Since I'm no OpenSSL expert, and I haven't found the answer to my problem, can you help me, please?
Thanks in advance!