openssl verify -untrusted intermediate-ca.pem your-cert.pem
Put the list of intermediate CA (in PEM format, concatenated ) in intermediate-ca.pem, and use the "-untrusted" option. That name tricked me initially, and that's the one to use.
The above command is to use the system CA list to verify the cert. If you have your own CA, just use the option "-CAfile your-ca.pem".
No comments:
Post a Comment