William Thomas

Reputation: 2128

Cannot verify openssl smime verify over SSH

I'm trying to SSH into the server at my university in order to do an OpenSSL assignment. I have my self-signed certificate aasignedcert.pem, the private key it was signed with aaprivatekey.pem and my plaintext test.txt.

I first signed my message to create my testsigned.txt file with the command:

openssl smime -sign -signer aasignedcert.pem -in test.txt -inkey aaprivatekey.pem > testsigned.txt

Then I encrypted the file to make testsigned.txt.enc:

openssl smime -encrypt -in testsigned.txt -aes128 aasignedcert.pem > test.txt.enc

To make sure everything works, I decrypted that file and stored it in testsigned.dec.txt:

openssl smime -decrypt -aes128 -in test.txt.enc -inkey aaprivatekey.pem > test.dec.txt

The decrypted file indeed has the original plaintext. Finally, I attempted to verify it using my certificate that I signed it with:

openssl smime -verify -in test.dec.txt -CAfile aasignedcert.pem -certfile aasignedcert.pem

This, however, does not work. Even with fiddling with the parameters, I consistently get this error message:

Verification failure
139814549997256:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:342:Verify error:unable to get local issuer certificate

I cannot figure out what I'm doing wrong. Does anyone have an idea?

Upvotes: 1

Views: 1854

Answers (2)

user2834179

Reputation: 7

To suppress the checking of the key certificate when verifying a message you can supply the -noverify parameter to the verify command (though openssl smime verify -noverify does look a bit weird).

Upvotes: 0

mikey

Reputation: 5160

How did you create aasignedcert.pem? Perhaps you self-signed it using a local CA that you created? If this is the case, I believe you need to pass the certificate of the CA to the -CAfile argument.

openssl smime -verify -in test.dec.txt -CAfile [certificate of the CA] -certfile aasignedcert.pem

Upvotes: 2
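
The situation mikey's answer describes, together with the -noverify behaviour from the other answer, as an added example that is not part of the original thread: a signer certificate issued by a throwaway local CA, then verified three ways. All file names, subject names and the message are constructed for the demonstration, and the encrypt/decrypt step is left out because it does not affect verification.

```shell
#!/bin/sh
# Added example: every name and file here is constructed, not the asker's.
demo_dir=$(mktemp -d)

setup_demo() (
    cd "$demo_dir" || exit 1
    # Minimal config so the CA certificate carries basicConstraints CA:TRUE.
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed CA, then a signer certificate issued by that CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
        -keyout ca.key -out ca.pem 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj "/CN=Example Signer" -keyout leaf.key -out leaf.csr 2>/dev/null &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -out leaf.pem 2>/dev/null &&
    printf 'constructed test message\n' > msg.txt &&
    openssl smime -sign -signer leaf.pem -inkey leaf.key \
        -in msg.txt -out signed.txt 2>/dev/null
)

# verify_with <CAfile> [extra smime options]; returns openssl's exit status.
verify_with() {
    ca=$1; shift
    openssl smime -verify -in "$demo_dir/signed.txt" \
        -CAfile "$demo_dir/$ca" "$@" -out /dev/null 2>/dev/null
}

report() { if "$@"; then echo "OK:   $*"; else echo "FAIL: $*"; fi; }

setup_demo || { echo "setup failed" >&2; exit 1; }
report verify_with leaf.pem            # fails: the issuer is not in the trust file
report verify_with ca.pem              # succeeds: chain ends at the trusted CA
report verify_with leaf.pem -noverify  # succeeds, but the signer is never validated
```

The -noverify run succeeds because the signature is still checked against the certificate embedded in the message while the certificate chain is not, so it shows integrity under a key nobody has vouched for.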
