I just figured out that client and server work fine if I generate the certificates using openssl tools. The difference between the two certificate generations is in the AuthorityKeyIdentifier extension in the child (client/server) cert.
I have openssl-cert-generator.bat, my-cert-generator.bat. I am using
* I tried with the -Verify 9 option. No change in the output; it still fails with the same error (unable to get local issuer certificate).
* However, with the change in syntax of openssl verify (as you suggested), the verification is failing
server.pem - has only ServerCert, does not include ServiceProviderCA
--
Thanks Victor,
But I am able to verify the certs using the following command
clientChain.pem has ServiceProviderCA and ClientCert (in that order)
serverChain.pem has ServiceProviderCA and ServerCert (in that order)
C:\OpenSSL\bin>openssl verify -CApath \certs clientChain.pem
c:\certs\clientChain.pem: OK
C:\
Hi,
I am using OpenSSL as TLS client and server. I am using a certificate chain of size 3 on both sides.
On Server Side
RootCA (root.pem)
ServiceProviderCA (spca.pem)
ServerCert (server.pem)
On Client Side
RootCA (root.pem)
ServiceProviderCA (spca.pem)
ClientCert (client.pem)
I have placed the certs an