Verify a certificate chain using openssl verify

by

From verify documentation:

If a certificate is found which is its own issuer it is assumed to be the root CA.

In other words, root CA needs to be self signed for verify to work. This is why your second command didn’t work. Try this instead:

openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem

It will verify your entire chain in a single command.

More Related Contents:

  1. Convert PEM traditional private key to PKCS8 private key
  2. Creating a .p12 file
  3. How to generate a self-signed SSL certificate using OpenSSL?
  4. Using openssl to get the certificate from a server
  5. Differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”
  6. Converting pfx to pem using openssl
  7. CMake not able to find OpenSSL library
  8. Use RSA private key to generate public key? [closed]
  9. Converting PKCS#12 certificate into PEM using OpenSSL
  10. Difference between openSSL rsautl and dgst
  11. git 2.20.1.windows.1 does not honor http.sslverify=false
  12. Using OpenSSL what does “unable to write ‘random state'” mean?
  13. Multiple OpenSSL RSA signing methods produce different results
  14. How to extract public key using OpenSSL?
  15. OpenSSL Verify return code: 20 (unable to get local issuer certificate)
  16. How do I manage the error “OpenSSL v1.1.1 ssl_choose_client_version unsupported protocol”? [closed]
  17. Why is Apple Deprecating OpenSSL in MacOS 10.7 (Lion)? [closed]
  18. Correct location of openssl.cnf file
  19. Programmatically Create X509 Certificate using OpenSSL
  20. How to determine SSL cert expiration date from a PEM encoded certificate?
  21. How to generate an openSSL key using a passphrase from the command line?
  22. OpenSSL: unable to verify the first certificate for Experian URL
  23. How to save public key from a certificate in .pem format
  24. Where is the PEM file format specified?
  25. How to create public and private key with openssl?
  26. How to convert an ECDSA key to PEM format
  27. Unable to load Private Key. (PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ANY PRIVATE KEY) [closed]
  28. How do I get Visual Studio Code to trust our self-signed proxy certificate?
  29. Cross Compile OpenSSH for ARM
  30. How to make browser trust localhost SSL certificate? [closed]

Leave a Comment