Hi all,
I have generated certificate chain using Openssl(OpenSSL 0.9.8e). The
certificate hierarchy is as follows:
ca.pem ---->cert1.pem---->cert2.pem----->last.pem
Openssl doesn't give any error when verifying these certificate
chain(Certificate chain verification is successful) during TLS
connection establishment(Connection establishment is successful) but
when verified using Openssl command /openssl verify /gives following error:
*# openssl verify -CAfile ca.pem -untrusted cert1.pem cert2.pem last.pem*
cert2.pem: OK
last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution Center/CN=kdc.xyz.com
error 20 at 0 depth lookup:unable to get local issuer certificate
The Subject and Issuer names in certificates are correct. Please let me
know the cause of error and changes required in the certificate hierarchy.
Regards,
Vinay
