I completed the following steps to generate my SSL cert request:
openssl genrsa -out key 2048
openssl req -new -key key -out csr
Then I submitted my csr to my signing authority, and got my cert back.
I put in in a file named "cert"
Now I want to verify that the cert is correct.
openssl verify cert
I get the original O and OU results back, but additionally I get the following error:
error 20 at 0 depth lookup:unable to get local issuer certificate
Am I correctly verifying the cert, and if so, why am I getting this error? If not, what am I doing wrong?
Openssl is trying to check the issuer certificate in order to verify your certificate you need to extend your command as follows:-
openssl verify [-CAfile cafile] file
where file is the cert you previously specified and cafile is the cafile of the root CA.
Mark Sutton
http://www.blacktipconsulting.com
Is the CA cert of the issuer present on your system ? You have to check that the issuer's certificate chain is installed in order to validate in-depth your certificate. On most linuxes, public certificate are stored under /etc/ssl.