0

I want to use the verify command on the commandline to verify a certificate using a CSCA file. This is my call with successful result:

openssl verify -verbose -CAfile CSCA_Certificate.pem cert.pem
cert.pem: OK

To make this work, I had to convert the files to PEM format. However, I want to use the DER encoded representations. This call fails:

openssl verify -verbose -CAfile CSCA_Certificate.der cert.der

The "-CAform" paramater is not recognized by openssl. I get the standard "usage" message. Does anyone have a hint on this? I'm quite new in openssl. Thank you!

Improve this question

1 Answer 1

Reset to default
0

I have been working with OpenSSL since January and I have noticed the same thing when signing certificate requests. It seems that OpenSSL is buggy if a DER certificate is used for certain operations. For that reason, I primarily use certificates encoded in PEM.

Improve this answer
2
  • Can you edit your answer with a solution to help OP
    – Sam
    Commented May 18, 2017 at 9:37
  • @Sam I really don't have an answer. I don't think there is one; It is just a limitation of OpenSSL.
    – MOT
    Commented May 18, 2017 at 9:41

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .