The -untrusted argument to verify command takes a single file containing multiple certificates concatenated together. Try adding cert1.pem and cert2.pem into a single file and check again.
Thanks, Sandeep On Tue, Dec 14, 2010 at 12:00 PM, Vinay Kumar L < vinaykuma...@globaledgesoft.com> wrote: > Hi all, > > I have generated certificate chain using Openssl(OpenSSL 0.9.8e). The > certificate hierarchy is as follows: > > ca.pem ---->cert1.pem---->cert2.pem----->last.pem > > Openssl doesn't give any error when verifying these certificate > chain(Certificate chain verification is successful) during TLS connection > establishment(Connection establishment is successful) but when verified > using Openssl command *openssl verify *gives following error: > > *# openssl verify -CAfile ca.pem -untrusted cert1.pem cert2.pem last.pem* > cert2.pem: OK > last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution Center/CN=kdc.xyz.com > error 20 at 0 depth lookup:unable to get local issuer certificate > > The Subject and Issuer names in certificates are correct. Please let me > know the cause of error and changes required in the certificate hierarchy. > > Regards, > Vinay > >
