[openssl-users] cert chain file ordering question

[Benjamin Kaduk]

On 01/08/2018 06:33 PM, Norm Green wrote:
> This question is regarding OpenSSL 1.1.
>
> Let's say I have this trust hierarchy:
>
> RootCA
> CA1
> CA2
> CA3
> userCert
>
>
> So userCert is signed by CA3, CA3 is signed by CA2, and so on up to
> RootCA, which is a self-signed root cert.
>
> If I combine CA1,CA2,CA3 and userCert into single PEM file, chain.pem,
> the openssl verify command only verifies the chain is correct if the
> order of the file is such that the user cert occurs *last* in the
> chain as follows:
>
> CA1
> CA2
> CA3
> userCert
>
> openssl verify -CAfile RootCA.pem chain.pem
>
>
> What strikes me as odd is the order shown above is the *opposite* of
> what is needed for the SSL_CTX_user_certificate_chain_file() function,
> which requires the highest level CA to appear at the end of the file.
> From the man page:
>
> SSL_CTX_use_certificate_chain_file() loads a certificate chain from
> file into ctx. The certificates must be in PEM format and must be
> sorted starting with the subject's certificate (actual client or
> server certificate), followed by intermediate CA certificates if
> applicable, and ending at the highest level (root) CA.
> SSL_use_certificate_chain_file() is similar except it loads the
> certificate chain into ssl.
>
> Is my understanding of things correct?  Seems like there should be a
> way for the openssl command to verify a chain file which will be used
> with the
> SSL_CTX_use_certificate_chain_file() function.

But the verify command is intended to verify an *individual*
certificate, not a file containing an entire chain -- the specific chain
used is somewhat incidental.

Did you try something like (with a 1.1.0 installation):

openssl verify -CAfile RootCA.pem -untrusted chain.pem chain.pem

with the leaf certificate as the first one in chain.pem?

-Ben