I have 3 certificates, server.crt issued by Intermediate CA which is issued by Root. The server.crt is configured on apache2 (version 2.4.29-1) on Ubuntu 18.04.
However when I am trying to connect to the server URL through openssl (version 1.1.1) using the intermediate CA as the CAfile parameter, I receive error as Verify return code: 2 (unable to get issuer certificate) Command used : openssl s_client -connect server_URL:443 -CAfile Intermediate.pem
But when I try to connect the same URL using the root certificate it works with return code 0. Command used : openssl s_client -connect server_URL:443 -CAfile Root.pem — Works fine
How can I make the the certificate check work using the intermediate CA and not Root certificate.
Note that the below certificate chain verification are all successful.
openssl verify -CAfile root.pem Internal_CA.pem — OK
openssl verify -CAfile root_and_intemediate_combined.pem server.pem — OK
Also I got same results for using both pem and crt formats for all certificates.