Cannot verify openssl smime verify over SSH

I'm trying to SSH into the server at my university in order to do an OpenSSL assignment. I have my self-signed certificate aasignedcert.pem , the private key it was signed with aaprivatekey.pem and my plaintext test.txt .

I first signed my message to create my testsigned.txt file with the command:

openssl smime -sign -signer aasignedcert.pem -in test.txt -inkey aaprivatekey.pem > testsigned.txt

Then, encrypted the file to make testsigned.txt.enc :

openssl smime -encrypt -in testsigned.txt -aes128 aasignedcert.pem > test.txt.enc

To make sure everything works, I decrypted that file and stored it in testsigned.dec.txt :

openssl smime -decrypt -aes128 -in test.txt.enc -inkey aaprivatekey.pem > test.dec.txt

The decrypted file indeed has the original plaintext. Finally, I attempted to verify it using my certificate that I signed it with:

openssl smime -verify -in test.dec.txt -CAfile aasignedcert.pem -certfile aasignedcert.pem

This, however, does not work. Even with fiddling with the parameters, I consistently get this error message:

Verification failure 139814549997256:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:342:Verify error:unable to get local issuer certificate

I cannot figure out what I'm doing wrong. Does anyone have an idea?

---

How did you create aasignedcert.pem? Perhaps you self-signed it using a local CA that you created? If this is the case, I believe you need to pass the certificate of the CA to the -CAfile argument.

openssl smime -verify -in test.dec.txt -CAfile [certifcate of the CA] -certfile aasignedcert.pem

---

要在验证消息时取消对密钥证书的检查，可以将-noverify参数提供给verify命令（尽管openssl smime verify -noverify确实看起来有点奇怪）。

链接地址: http://www.djcxy.com/p/63482.html

上一篇: 在Windows上创建p12 iOS开发人员证书

下一篇: 无法通过SSH验证openssl smime验证