'Validating a Certificate Path with OpenSSL' tutorial was cited in an blog in 2016.

The Validating a Certificate Path with OpenSSL tutorial was cited in an blog in 2016.

Subject: SSL证书链包如何工作?(How does an SSL certificate chain bundle work?)
Date: Nov 15, 2016
Author: IT屋

I've created a chain hierarchy like this.
   root-ca ==> signing-ca ==> subordinate-ca ==> server

It is mentioned to create chain bundle, the lowest should go first.
   $ cat server.crt subordinate-ca.crt signing-ca.crt > server.pem

But verification fails.
   $ openssl verify -CAfile root-ca.crt server.pem
   error 20 at 0 depth lookup:unable to get local issuer certificate

However, if I change the order it seems to work.
   $ cat signing-ca.crt subordinate-ca.crt server.crt > server.pem
   $ openssl verify -CAfile root-ca.crt server.pem
   server.pem: OK

So what would be the error here?


More info: According to
I perform the following test which works.

   $ cat signing-ca.crt subordinate-ca.crt > inter.crt
   $ openssl verify -CAfile root-ca.crt -untrusted inter.crt server.crt
   server.crt: OK

Does that mean all the links are good?


Table of Contents

 About This Book

 Reference Citations in 2021

 Reference Citations in 2020

 Reference Citations in 2019

 Reference Citations in 2018

 Reference Citations in 2017

Reference Citations in 2016

 Java Server Accepts TLS 1.2 Only

 cliente soap java

 Android Hints Tweaks and Tips

 [Tutorial] - Play HD Videos with ffplay

 Comment ouvrir les fichiers XML

 Počítačová síť a internet

 Deploying Embarcadero Delphi XE7 and C++ Builder XE7 Applications

 Change XSD root namespace in BizTalk

 Заставить пример java + ssl работать


 General Relativity for Laypeople – A First Primer

 XML Dynamic Key Encryption Approach

 Подключение к MS SQL Server из NetBeans

 TCP SSL 서버 성능테스트 관련 질문

 Tạo cửa sổ con nằm trong cửa sổ tab chính trong Java

 FAQ DMP Compatibilité

 How does PHP determine the character encoding in browser POST request data?

 Implementing the Information Security using Modified RSA

 Recording Video of an Android Device

 Getting error for SOAP request "InvalidSecurity: ..."


 Finding JNDI/LDAP Connection Security Protocol

 how to import x509.pem pk8 file into jks(keystore)

 Reference Citations in 2015

 Reference Citations in 2014

 Reference Citations in 2013

 Reference Citations in 2012

 Reference Citations in 2011

 Reference Citations in 2010

 Reference Citations in 2009

 Reference Citations in 2008

 Reference Citations in 2007

 Reference Citations in 2006

 Reference Citations in 2005

 Reference Citations in 2004

 Reference Citations in 2003