Verify a certificate chain using openssl verify

Question

I\'m building a own certificate chain with following componenents:

Root Certificate - Intermediate Certificate - User Certificate

Root Cert

Answer 1

From verify documentation:

If a certificate is found which is its own issuer it is assumed to be the root CA.

In other words, root CA needs to self signed for verify to work. This is why your second command didn't work. Try this instead:

openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem

It will verify your entire chain in a single command.