Is there any way to look up a certificate from OpenSSL's default store if I know the subject or the hash of the one I want, or perhaps if I have a certificate that was signed by it?
I can verify the certificate (and thus determine that the issuer is in the standard set) with
openssl verify myCert.pem
and I can get the subject or hash of the one I want with
openssl x509 -issuer -noout -in myCert.pem
openssl x509 -issuer_hash -noout -in myCert.pem
but I don't know how to then get the issuer certificate itself.
I need this so I can do an OCSP lookup to see if the certificate has been revoked.
Thanks!