科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>Openssl 3.4.1 verify Certificates Fail - Stack Overflow

    Openssl 3.4.1 verify Certificates Fail - Stack Overflow

    programmeradmin2浏览0评论

    I tried using openssl verify to verify the end-entity certificate. The certificate chain is root -> CA -> cert, and I used the command: openssl verify -CAfile ca_root.der -untrusted ca_kdh.der cert.der. However, I encountered the following error:

    C=US, O=TR34 Samples, CN=TR34 Sample KDH 1
error 20 at 0 depth lookup: unable to get local issuer certificate
error cert.der: verification failed
841E0000:error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto\x509\v3_purp.c:637:

    For the same certificate chain, I used certutil to verify it, and the verification was successful, although it indicated that the certificate had expired.

    Below is my certificate file:

    root

    -----BEGIN CERTIFICATE-----
MIIDPDCCAiSgAwIBAgIFNAAAAAEwDQYJKoZIhvcNAQELBQAwPzELMAkGA1UEBhMC
VVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEZMBcGA1UEAxMQVFIzNCBTYW1wbGUg
Um9vdDAeFw0xMDExMDIwMDAwMDBaFw0zMDEwMjcyMzU5NTlaMD8xCzAJBgNVBAYT
AlVTMRUwEwYDVQQKEwxUUjM0IFNhbXBsZXMxGTAXBgNVBAMTEFRSMzQgU2FtcGxl
IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeZ10uwGLGQWI4
AG+CbKUnGCWD8q3S/owdgeatXsHoWzm+r5cIlNsrTyJ3OXlUHBIj1RqCth/1QYwe
XzZ5J8m6qsMvPhYgVdB3bsOSQiXD30LCI4/5qqo+ikcocVKs48ypFH1fgiC+c0hL
CN7XQ/ekPubrmGGZ0RFFC2oV8FB6tOBy3bjbFpbIAB/XmWd+g185anJp6twtesIK
vaod2I3UhW/xGhdqfDlAvH1gmszJ88Ud0AF8P+3Zx70L/er6CwkWH5xx6SrnOvF1
rbFTy+/OLDoPzeo5TEQjCjf4LtxEjrmwZp/ILpQ15pmprjGRrU7qXc0dLNw75sdR
B45sE4afAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIKDHIan
OuC29C5MzvfJw6JPSsnsMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA
zP2PtLg0ePSOxWB47oKHmrHUaBAaaC1RKYzcEyyTXwOdR1NuH0sB7Z5Si2nFJgsv
eFu2hixQLnhuXGP4gTOP/Mu5Kf5O4wi1D2xzGt6JVQIKW//eBgjeUd+GzRiHMPvM
TAb1DVf1DQRQ37kiJY6FlpxBBolmFzwmZkPp50vu3bgjSs1nAnG//PUXq03wqojh
Rqp1Q9MtGGpOnCv/mFyw3hR16Eqg9YVgTWg3wq+H74JZiWrTBq33kT9NMYf1jIMo
A1exxP5BvJaTBE2wcEPVAAdzjmeoFqUjWZGoBff8hT2KqDo01SC46Aa6z1bQZWhO
kCETYhPBMp8I9cRBZQS2/g==
-----END CERTIFICATE-----

    ca_kdh

    -----BEGIN CERTIFICATE-----
MIIDPjCCAiagAwIBAgIFNAAAAAUwDQYJKoZIhvcNAQELBQAwPzELMAkGA1UEBhMC
VVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEZMBcGA1UEAxMQVFIzNCBTYW1wbGUg
Um9vdDAeFw0xMDExMDIwMDAwMDBaFw0yNTEwMjgyMzU5NTlaMEExCzAJBgNVBAYT
AlVTMRUwEwYDVQQKEwxUUjM0IFNhbXBsZXMxGzAZBgNVBAMTElRSMzQgU2FtcGxl
IENBIEtESDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK76HXOWw9uk
meVdeqUHFKxedcEnHZAA6u7SoAerZGZwUV9DISyKILwyy2exzV1xL2Z3b3dtWLxf
gXMMU5Y2IitEKMiq/PzQDLzoSXBwZsGUbQ6vsjMTtqatvyPpIvWV0e5XpsS+AU1q
ZOXZxFQpySBBDh8Swl5VAAZdSXpHeM8DVg3oEYbO1+W3R0odRwPqr5RAajxzFE34
yXH4ec8zro6YSN5QUbRgKaYslJe86GrxUkYLOUOuJM/5zoj1pQSF2hSz0x3Txp3y
QQXSUmJT6jiJ/hxv2DOoE69D/sQMQPiC2t5O6/5YAUSN3L2d5Pu2nVaggQ4IK3Mq
NeoqFnByhv8CAwEAAaM/MD0wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUuCpY
Cg159koHx1irw5NlY183yhgwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB
AQCb+yPhlvcoHPANAfIV6DVxd7CoPzLihuz4VjE24OQZ8LvIa5l++fmeD3mwonKO
CVAu1zBO1qzguAP1nybImPeoFPpMGUq0A+HpmY0cFhUW5HcYrFp4UnUyPqOtmKVA
7kr2W5qMPoMcuDO778vNQXNDyeskBOi+LMfdVy1OFIW7OS+L9xp5L2k4koMCyjse
65sUl87YMe+EOqVYWCImFmgjilnAn2uF3cn9BheEXstxyPJ7RNxLFPNqv7lFQkgm
SfKTqvfEYirqrAinZBVp9uU6ZOEE+C84pKCXZDrcuQf8EVJK9HLX0NCQcxfD32OU
7N32YnGn+yrjDPjVgXyDVt+D
-----END CERTIFICATE-----

    cert

    -----BEGIN CERTIFICATE-----
MIIDUTCCAjmgAwIBAgIFNAAAAAYwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
VVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEbMBkGA1UEAxMSVFIzNCBTYW1wbGUg
Q0EgS0RIMB4XDTEwMTEwMjAwMDAwMFoXDTIwMTAyOTIzNTk1OVowQDELMAkGA1UE
BhMCVVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEaMBgGA1UEAxMRVFIzNCBTYW1w
bGUgS0RIIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD648pBL7L
b5Hvyjjbt13ZGTHKj+IRZj9Ib8q6B6DC7YfLUobFCNotHw7e3cCn21xgXby5q3PR
YbsaDxsO5VV4D697yrpeBt/viJ5R9o/mXcIa8AA6hvFwbkYeFQK+pFh3uuICZY+8
ouvtVpIBhjV/cU5b7slwoeqICKn0Ji8vZEOCedh8ZMF+ObpxMPR7SqRBNkP4aphi
o1rZNz2OLSjFksilIXMbqVyORDJ6uw7OUL+ubOjq9JNOlIxqO4vr4mimknvIfhrn
ktUxUzmbS4KILJp55DHRDc5YQHBTuSv21tZyKbtyquAQgn5xJtdXBAbKqp9NtPKM
S9ZKnvyYoOrNAgMBAAGjUTBPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMAkGA1Ud
EwQCMAAwHQYDVR0OBBYEFA8RoQrHXhlpbL0WonoyGxhajYcHMAsGA1UdDwQEAwIG
wDANBgkqhkiG9w0BAQsFAAOCAQEAjadCTzoj3bOETDwaxSm3rRO/pbKj86kUVQL7
rFQIgqZTkIGY/ljVwlJpNReYCVeJKAnpNEDw1+IWO/QoLDLy1XyZhGj4luLGqO4v
HrdsA8g9j4Wj60+G7I+P/RJuP2orslSLV7JTiKwvrMI8jPUv0I3Q7ADbDH7MCCHG
gd+ubgVCWWt0vYXIbzfXpB6Q0bMjjHlQAklqq4oAGrvEr/mcVNbNAXR2Ind+IPQB
SBAjlWsUN87K5SkeSTO+EU/OG4I+TFFVy7gxQr0VQ4KbCK4fTIcYcZgtiorW6If0
C1gvjNMu6DCl1aTjAzp6QV/rkYG+1Lk91eN8BF5jKBPOQMScrA==
-----END CERTIFICATE-----

    I tried using openssl verify to verify the end-entity certificate. The certificate chain is root -> CA -> cert, and I used the command: openssl verify -CAfile ca_root.der -untrusted ca_kdh.der cert.der. However, I encountered the following error:

    C=US, O=TR34 Samples, CN=TR34 Sample KDH 1
error 20 at 0 depth lookup: unable to get local issuer certificate
error cert.der: verification failed
841E0000:error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto\x509\v3_purp.c:637:

    For the same certificate chain, I used certutil to verify it, and the verification was successful, although it indicated that the certificate had expired.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论