Verification Q

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Verification Q

David Reid-3
Quick reality check please? :-) (We all need 'em!)

3 certificates,

1. Self signed 'CA' cert
2. Certificate created using cert #1
3. Certificate created using cert #2

Certs 1 & 2 have had their hashed symlink created into a directory
'certdir'.

Which of these *should* work?

openssl verify -CApath certdir cert#1
openssl verify -CApath certdir cert#2
openssl verify -CApath certdir cert#3

Thanks.

david
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Verification Q

Dr. Stephen Henson
On Sat, Aug 13, 2005, David Reid wrote:

> Quick reality check please? :-) (We all need 'em!)
>
> 3 certificates,
>
> 1. Self signed 'CA' cert
> 2. Certificate created using cert #1
> 3. Certificate created using cert #2
>
> Certs 1 & 2 have had their hashed symlink created into a directory
> 'certdir'.
>
> Which of these *should* work?
>
> openssl verify -CApath certdir cert#1
> openssl verify -CApath certdir cert#2
> openssl verify -CApath certdir cert#3
>

The verification process needs to be able to build a path to the root CA and
the root CA has to be trusted.

So all of those should work.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]