verify without issuer-certificate?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

verify without issuer-certificate?

ch-7
hi!

Can I verify a message or just a certificate WITHOUT having all the
issuer certificats (up to the RootCA) in my store??
Is there a option in the commandline tools? I was not able to find one
in the man-pages.

thanks,
chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: verify without issuer-certificate?

Bernhard Fröhlich-2
Am 19.04.2011 09:19, schrieb ch:
> hi!
>
> Can I verify a message or just a certificate WITHOUT having all the
> issuer certificats (up to the RootCA) in my store??
> Is there a option in the commandline tools? I was not able to find one
> in the man-pages.
>

You can verify a message without checking the certificate's validity by
using the -noverify option of openssl smime
(http://www.openssl.org/docs/apps/smime.html#-noverify).

You can not check a certificate's validity without the certificate chain
leading to a CA certificate trusted by you (not necessarily, but usually
a root certificate). And it would not make any sense either.

Hope it helps
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: verify without issuer-certificate?

faraz-4
In reply to this post by ch-7


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]