I just tried combine root and intermediate into single file. I got "unable to get local issuer certificate" error. I guess my code is wrong since I am not able to find a complete example on how to verify a in-memory certificate. All examples are based on the fact that certificate is a file (thus use LOOK_UP API, etc). Any references? Thanks chris ----- Original Message ----- From: ?ngel Gonz?lez <angel@xxxxxxxxxxxxxx> To: openssl-users at openssl.org Sent: Saturday, March 5, 2016 8:44 AM Subject: Re: verify certificate chain (in memory) Lei Sun wrote: > Hi: > In my project I need to verify certificate chain sent from server. > The chain has root->inter mediate -> server, 3 level chain. The > server certificate files can be verified by "openssl verify" command: > > openssl verify -CAfile root.crt server.crt > OK. > > But I had to combine the root cert and intermediate cert into single > file, to verify the whole chain via command line. Have you tried combining the intermediate and the server cert into a single file? That should work, and is more akin to the actual behavior (the server sends its certificate plus any intermediates, and the client should only need the root). Kind regards -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
