While trying to verify a client certificate using openssl verify with -crl_check_all and –partial_chain options set , I get the following error:
error 8 at 1 depth lookup: CRL signature failure
error client1.pem: verification failed
Here is the command used:
openssl verify -crl_check -crl_check_all -CAfile ca_chain_crl.pem -partial_chain -show_chain client1.pem
ca_chain_crl.pem file has one intermediate and one root certificate and two CRLs(issued by the intermediate and root CAs).
Openssl verify without –partial_chain or –crl_check_all works.
Are we not supposed to use openssl verify with these two options set at the same time?