Question #193682 on HIPL changed: https://answers.launchpad.net/hipl/+question/193682 Status: Open => Answered Henrik Ziegeldorf proposed the following answer: "openssl verify -CAfile ca-root-cert.pem host-cert.der" this doesn't work because the second certificate is in DER-encoding. openssl expects PEM if you don't indicate otherwise (you can actually observe that by the call to PEM_read_bio). Try: cat host-cer.der | openssl x509 -inform DER > host-cert.pem Then: openssl verify -CAfile ca-root-cert.pem host-cert.pem This should result in: host-cert.pem: OK Hope that helps. -- You received this question notification because you are a member of HIPL core team, which is an answer contact for HIPL.