JKJS
Got answer of my own question:
1)Created root CA certificate by these commands:
openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
openssl x509 -req -in rootreq.pem -sha1 -signkey rootkey.pem -out rootcert.pem
2)Installed CA certificate as trusted certificate by following commands:
sudo mkdir /usr/share/ca-certificates/extra
sudo cp rootcert.pem /usr/share/ca-certificates/extra/rootcert.crt
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
3)Created intermediate certificate signed by root CA by following commands:
openssl req -newkey rsa:1024 -sha1 -keyout skey.pem -out sreq.pem
sudo openssl x509 -req -in sreq.pem -sha1 -CA /etc/ssl/certs/rootcert.pem -CAkey rootkey.pem -CAcreateserial -out scert.pem
4)Created client certificate signed by intermediate CA by following commands:
openssl req -newkey rsa:1024 -sha1 -keyout ckey.pem -out creq.pem
openssl x509 -req -in creq.pem -sha1 -CA scert.pem -CAkey skey.pem -CAcreateserial -out ccert.pem
Now, Chain Of Trust is working fine:
1)verification of root CA
openssl verify rootcert.pem
rootcert.pem: OK
2)verification of intermediate CA
openssl verify scert.pem
scert.pem: OK
3)verification of client certificate
openssl verify -CAfile scert.pem ccert.pem
ccert.pem: OK
