If my CA file includes the self signed Root 1 cert, but not the "Root 2
cert" I get "Verify return code: 19 (self signed certificate in
If I add the Root 2 cert to the CA file everything is fine.
If I try openssl verify on the Server's cert with a CA file including
Intermediate cert and self-signed Root 1 cert, but not Root 2 cert,
verify reports OK.
My view was that the Root 1 cert in the CA file should verify the chain.
Obviously it does not, but why?
Are two certificates with the same subject but different issuer
considered different? Or is this an issue with my ancient openssl version?
PGP Public Key Information
Key ID = 7AFB8D26
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26