I have a certificate C.pfx that was given to me to work with OpenSSL. The certificate C.pfx has the following Certification path: C->B->A
I converted C.pfx to PEM using the following command: openssl pkcs12 -in C.pfx -out C.pem -nodes -- WORKS OK
I opened the certificate C.pem in the file editor and see that it has both RSA PRIVATE KEY and CERTIFICATE parts.
I also see both A and B certificates installed under Trusted Roor Certification Athorities store in Windows XP.
The goal is to sign, encrypt, decrypt and verify a test file using OpenSSL for Windows version 1.0.1c (it's currently the latest version)
I use the following commands:
--TO SIGN--
openssl smime -sign -signer C.pem -in test.txt -out test.tmp -- WORKS OK
--TO ENCRYPT--
openssl smime -encrypt -in test.tmp -out test.enc C.pem -- WORKS OK
--TO DECRYPT--
openssl smime -decrypt -in test.enc -recip C.pem -inkey C.pem -out test1.tmp -- WORKS OK
--TO VERIFY--
openssl smime -verify -in test1.tmp -CAfile "C.pem" -out notes1.txt -- FAILS
I used MMC console to export B and A certificates to CER files and then converted them to PEM using OpenSSL. After that I tried the following 2:
openssl smime -verify -in test1.tmp -CAfile "A.pem" -out notes1.txt -- FAILS
openssl smime -verify -in test1.tmp -CAfile "B.pem" -out notes1.txt -- FAILS
All 3 attempts to VERIFY failed with the following error:
Verification failure
3672:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:.\crypt
o\pkcs7\pk7_smime.c:342:Verify error:unable to get local issuer certificate
What am I doing wrong?
