[CentOS] install Verisign/NetSol CA bundle

sbeam sbeam at onsetcorps.net
Tue Sep 30 19:18:48 UTC 2008


I have a client-provided SSL cert that seems to be provided by Verisign but 
issued by my good friends at Network Problems. I thought this was part of 
default cert.pem, but maybe not.

The docs on Verisign's site are... ahem... unhelpful.

I have what I think is the correct CA chain for this cert, but still trying to 
determine what marketing terms overlap with what reality. But how is it to be 
tested?

here is the info ( nj.pem contains the Certificate and the Private Key )

$ openssl verify nj.pem
nj.pem: /C=US/postalCode=99999/ST=OH/L=Columbus/streetAddress=4111 XXXX 
Ave./O=XYZ Inc./OU=Secure Link SSL Pro/CN=xyz.foo.com
error 20 at 0 depth lookup:unable to get local issuer certificate

$ openssl x509 -noout -in nj.pem -issuer
issuer= /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate 
Authority

So if append the correct CA certs to my nj.pem, then 'openssl verify' should 
be happy, is this correct?

thanks!



More information about the CentOS mailing list