Hi All: I am using X509_STORE_CTX_get1_chain() to get web site's full certificate chain. Now I am encounter an issue that some web site does not return intermediate CA certificate but only web site leaf certificate. For example. https://globaltrade.usbank.com Below is certificate I get. Subject: /C=US/ST=Minnesota/L=St. Paul/O=U.S. Bank/OU=ISS/CN=globaltrade.usbank.com Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 As my environment missing "VeriSign Class 3 Secure Server CA - G3" certificate. When open web site in Browsers (Chrome on windows), I can see certificate chain is built successfully, I think this is because browser should recognize "VeriSign Class 3 Secure Server CA - G3" this intermediate CA, and automatically installed crt into system. So my question is how can I achieve same as browsers with openssl, with openssl I can get error info. But where can I use program to download VeriSign G3 certificate and installed automatically, then I can build full certificate chain. Peer cert subject[/C=US/ST=Minnesota/L=St. Paul/O=U.S. Bank/OU=ISS/CN=globaltrade.usbank.com] depth[0] error[20] Peer cert subject[/C=US/ST=Minnesota/L=St. Paul/O=U.S. Bank/OU=ISS/CN=globaltrade.usbank.com] depth[0] error[27] Peer cert subject[/C=US/ST=Minnesota/L=St. Paul/O=U.S. Bank/OU=ISS/CN=globaltrade.usbank.com] depth[0] error[21] -- Rejoice,I Desire!
