Hi,
The external shell script certificate validation stuff should work.
should, aye. however, the current openssl 'verify' has the following openssl verify -help usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ... recognized usages: sslclient SSL client sslserver SSL server nssslserver Netscape SSL server smimesign S/MIME signing smimeencrypt S/MIME encryption crlsign CRL signing any Any Purpose ocsphelper OCSP helper - this is on latest RHEL release (and therefore CentOS etc) - theres no 'purpose' flag like the current 'bleeding edge' OpenSSL manual describes :-( (i'm thinking of compiling my own local restrained copy to try out leaving the distro stuff well-alone) alan