ssl - Verify certificates using OpenSSL -

i created 2 intermediate certificates called cert1.crt , cert2.crt signed common cert0 root , need verify them using verify command.

i type:

verify -cafile cert1.crt cert2.crt 

what is:

error 20 @ 0 depth lookup:unable local issuer certificate. 

same error appears when replaced .crt files 2 .pem files generated certificates. doing wrong? use openssl toolkit operating system windows 8.

i don't know how create common cert0 root.

you can following steps:

0) create ca private key , rootreq

$ openssl req -nodes -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem

1) create ca self-signed cert

$ openssl x509 -req -in rootreq.pem -sha1 -signkey rootkey.pem -out rootcert.pem

2) create client private key , certreq

$ openssl req -nodes -newkey rsa:1024 -sha1 -keyout userkey.pem -out userreq.pem

3) create client cert client certreq $ openssl x509 -req -in userreq.pem -sha1 -ca rootcert.pem -cakey rootkey.pem -cacreateserial -out usercert.pem

4) verify cert

$ openssl verify -cafile rootcert.pem usercert.pem

you can repeat step 2) , 3) different output create client certs, , verify them @ step 4).