Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
ls -1
# false-root.pem
# intermediate.pem
# leaf.pem
# root.pem
openssl x509 -noout -issuer -in leaf.pem
# issuer= /C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
openssl x509 -noout -subject -issuer -in intermediate.pem
# subject= /C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
# issuer= /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
openssl x509 -noout -subject -in root.pem
# subject= /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
openssl x509 -noout -subject -issuer -in false-root.pem
# subject= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
openssl verify -CAfile <(cat intermediate.pem root.pem) leaf.pem
# leaf.pem: OK
openssl verify -CAfile <(cat intermediate.pem false-root.pem) leaf.pem
# leaf.pem: C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
# error 2 at 1 depth lookup:unable to get issuer certificate
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment