I am trying to write code that receives a pcap file as input and returns the invalid certificates from it.
I have parsed the certificate chains, and I'm trying to verify them.
Because I get the certificate chains out of a pcap, the chain lengths are not constant (sometimes they include only 1 certificate that is self-signed (and valid)).
Let cert0.pem be the server's certificate and certk.pem the root CA's certificate.
According to my research online, I'm trying to verify the certificate as follows:
Create a file certs.pem which contains the certificate chain in the order: certk.pem, certk-1.pem, ..., cert0.pem
Use the command (ca.pem is a file containing root certificates): openssl verify -CAfile ca.pem certs.pem
But sometimes the verification goes wrong even for valid certificates, as in the following output:
C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
error 20 at 0 depth lookup: unable to get local issuer certificate
error certs.pem: verification failed
Please help me: how can I verify the certificate chain?
Additionally, is there a way to add hostname verification in the same line? (I have tried to add "-verify_hostname name" but again, the output was unexpected.)