With my electronic id, I have a x509 certificate and I would like to check the validity of this certificate.
I exported and inspect the certificate using
$ pkcs15-tool --read-certificate 02 > mykey.crt
$ openssl x509 -in mykey.crt -issuer -noout
issuer= /C=BE/CN=Citizen CA/serialNumber=200801
I went to the official certificate repository website
and downloaded the citizen200801.crt (cf serial number) file and the Belgium Root CA
file (actually exporting them into PEM files using firefox).
I'm able to verify the CitizenCA certificate
$ openssl verify -CAfile BelgiumRootCA CitizenCA
but I don't understand how to check my certificate
$ openssl verify -CAfile CitizenCA mykey.crt
mykey.crt: C = BE, CN = Citizen CA, serialNumber = 200801
error 2 at 1 depth lookup:unable to get issuer certificate
Any idea ? Thank you