AnsweredAssumed Answered

OPENSSL to verify CSF & IMG certificates

Question asked by satyadamarla on Jul 12, 2017
Latest reply on Jul 12, 2017 by satyadamarla

Hello,

 

There are three certificates: SRK, CSF & IMG.

 

SRK is kind of intermediary certificate, whereas CSF and IMG are subordinate or user certificate. The SRK certificate is signed by CA whereas the CSF/IMG are signed by SRK.

 

I tried to verify the SRK and it works well:


openssl verify -CAfile CA1_sha256_3072_65537_v3_ca_crt.pem SRK1_sha256_3072_65537_v3_ca_crt.pem
SRK1_sha256_3072_65537_v3_ca_crt.pem: OK

 

Whereas when I try to verify the IMG and CSF with SRK or CA, it doesn't work:

 

openssl verify -CAfile SRK1_sha256_3072_65537_v3_ca_crt.pem CSF1_1_sha256_3072_65537_v3_usr_crt.pem
CSF1_1_sha256_3072_65537_v3_usr_crt.pem: CN = SRK1_sha256_3072_65537_v3_ca
error 2 at 1 depth lookup:unable to get issuer certificate

openssl verify -CAfile SRK1_sha256_3072_65537_v3_ca_crt.pem IMG1_1_sha256_3072_65537_v3_usr_crt.pem
IMG1_1_sha256_3072_65537_v3_usr_crt.pem: CN = SRK1_sha256_3072_65537_v3_ca
error 2 at 1 depth lookup:unable to get issuer certificate

 

Can anyone suggest me how to verify CSF & IMG certificates properly?

 

Greets,

Satya

Outcomes