The chain certificate file, as the name indicates, provides a complete path for trust verification. Above we see the certificate chain for the SSL certificate … The first certificate in the output will be the one belonging to the server. This establishes a chain of trust that can verify the validity of a certificate.

As a prerequisite, download and install OpenSSL on the host machine. For example, Microsoft's IIS and Exchange Server have wizards to create the certificate request.

Certificates 2 to 5 are intermediate certificates. When a certificate is issued, the CA performs a validation of the entity requesting the certificate. We want to verify them in order. ...

Use this command if you want to add PEM certificates (domain.crt and ca-chain.crt) to a PKCS7 file (domain.p7b):

The Resin config parameter is used to specify a certificate chain. It is used to reference a file that is a concatenation of: your certificate file, the intermediate (untrusted) certificate, and the root (trusted) certificate.

Lately, the trend is to increase key size for added protection, making 2048-bit keys standard; 4096-bit keys are not uncommon.

openssl pkcs12 -in name.pfx -nokeys -cacerts -out CAchain.pem

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf

Display the contents of a certificate:

openssl x509 -in cert.pem -noout -text

You can examine the certificate to ensure that it conforms, using OpenSSL:

openssl s_client -connect server_name:port