Problem with verifying root certificate GlobalSign

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with verifying root certificate GlobalSign

Martijn Moret
Hi all,

A partner that we need to communicate with has a certificate signed by
globalsign. I downloaded the certificates from:
http://support.globalsign.net/en/serversign/server_faq_body.cfm

When converting these to PEM and running them trough the openssl verify
command, i get the following error:

# openssl verify Root.pem
Root.pem: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
error 18 at 0 depth lookup:self signed certificate
OK

This is the same for the two intermediates.

I tried this with the Verisign root CA and Intermediates, they are
verified OK:
# openssl verify verisign.pem
verisign.pem: OK

Any hints??

Regards
Martijn

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Problem with verifying root certificate GlobalSign

Dr. Stephen Henson
On Tue, Feb 21, 2006, Martijn Moret wrote:

> Hi all,
>
> A partner that we need to communicate with has a certificate signed by
> globalsign. I downloaded the certificates from:
> http://support.globalsign.net/en/serversign/server_faq_body.cfm
>
> When converting these to PEM and running them trough the openssl verify
> command, i get the following error:
>
> # openssl verify Root.pem
> Root.pem: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
> error 18 at 0 depth lookup:self signed certificate
> OK
>
> This is the same for the two intermediates.
>
> I tried this with the Verisign root CA and Intermediates, they are
> verified OK:
> # openssl verify verisign.pem
> verisign.pem: OK
>
> Any hints??
>

That's because it isn't trusted. If you do:

openssl verify -CAfile root.pem foo.pem

where "foo.pem" is the root or intermediate CA it should work.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]