Re: Problem with verifying root certificate GlobalSign
On Tue, Feb 21, 2006, Martijn Moret wrote:
> Hi all,
> A partner that we need to communicate with has a certificate signed by
> globalsign. I downloaded the certificates from:
> http://support.globalsign.net/en/serversign/server_faq_body.cfm >
> When converting these to PEM and running them trough the openssl verify
> command, i get the following error:
> # openssl verify Root.pem
> Root.pem: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
> error 18 at 0 depth lookup:self signed certificate
> This is the same for the two intermediates.
> I tried this with the Verisign root CA and Intermediates, they are
> verified OK:
> # openssl verify verisign.pem
> verisign.pem: OK
> Any hints??
That's because it isn't trusted. If you do:
openssl verify -CAfile root.pem foo.pem
where "foo.pem" is the root or intermediate CA it should work.