3
votes

I am using openssl to verify certificates, but it seems that, at least in one case, it will fail to verify a certificate even if the browsers consider the certificate valid.

openssl s_client -connect test.uk.example.com:443
+ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
depth=0 /C=GB/ST=CB/L=Cambridge/O=acme Systems Inc./OU=Development Operations acme/CN=acme.com/CN=*.acme.com/CN=*.uk.acme.com/CN=*.acme.com/CN=*.vmd.acme.com/CN=*.acme.net/CN=*.eng.acme.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=GB/ST=CB/L=Cambridge/O=acme Systems Inc./OU=Development Operations acme/CN=acme.com/CN=*.acme.com/CN=*.uk.acme.com/CN=*.acme.com/CN=*.vmd.acme.com/CN=*.acme.net/CN=*.eng.acme.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=GB/ST=CB/L=Cambridge/O=acme Systems Inc./OU=Development Operations acme/CN=acme.com/CN=*.acme.com/CN=*.uk.acme.com/CN=*.acme.com/CN=*.vmd.acme.com/CN=*.acme.net/CN=*.eng.acme.net
verify error:num=21:unable to verify the first certificate
verify return:1

The same certificate is properly validated by the browsers.

How should I call openssl in order to be sure that the validation passes?


1 Answer

3
votes

The most likely cause is that OpenSSL hasn't been configured with or can't find a list of trust anchors to use for verifying the certificate path.

You can pass them explicitly with -CApath or -CAfile.
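The effect of the options the answer names, shown as an added example that is not part of the question or the answer: the script builds a throwaway root, intermediate and leaf certificate chain with openssl (all names, paths and the test hostname are constructed), then runs `openssl verify`, which applies the same path-building rules as `s_client`, with different trust inputs so you can see which input produces error 20 and which produces OK. It assumes OpenSSL 1.1.1 or newer on PATH; `-untrusted` and `-verify_hostname` are standard openssl options that the page itself does not mention.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Builds a throwaway
# root -> intermediate -> leaf chain (all names constructed), then runs
# `openssl verify` against it with different trust inputs. Assumes OpenSSL
# 1.1.1 or newer is on PATH; -untrusted and -verify_hostname are standard
# openssl options not mentioned on the page.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

make_chain() {
  # Extension files: CA certificates must carry CA:TRUE, the leaf gets a SAN.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:test.uk.example.com\n' > leaf.ext

  # Self-signed root CA: the trust anchor the verifier has to be told about.
  openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
    -subj "/CN=Example Test Root CA" 2>/dev/null
  openssl x509 -req -in root.csr -signkey root.key -days 365 -sha256 \
    -extfile ca.ext -out root.pem 2>/dev/null

  # Intermediate CA signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
    -subj "/CN=Example Test Intermediate CA" 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 365 -sha256 -extfile ca.ext -out inter.pem 2>/dev/null

  # Leaf (server) certificate signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=test.uk.example.com" 2>/dev/null
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 365 -sha256 -extfile leaf.ext -out leaf.pem 2>/dev/null
}

# verify_leaf FLAGS... : prints "OK" when leaf.pem chains to a trust anchor,
# otherwise the number of the first verify error (20 = unable to get local
# issuer certificate, 62 = hostname mismatch). -no-CAfile/-no-CApath keep the
# default CA file and directory out of the picture so only the flags given
# here decide the result.
verify_leaf() {
  out="$(openssl verify -no-CAfile -no-CApath "$@" leaf.pem 2>&1 || true)"
  case "$out" in
    *"leaf.pem: OK"*) echo OK ;;
    *) printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
  esac
}

make_chain
echo "no anchors, intermediate supplied:   $(verify_leaf -untrusted inter.pem)"
echo "root anchor, intermediate missing:   $(verify_leaf -CAfile root.pem)"
echo "root anchor + intermediate:          $(verify_leaf -CAfile root.pem -untrusted inter.pem)"
echo "... with hostname check (match):     $(verify_leaf -CAfile root.pem -untrusted inter.pem -verify_hostname test.uk.example.com)"
echo "... with hostname check (mismatch):  $(verify_leaf -CAfile root.pem -untrusted inter.pem -verify_hostname other.example.com)"
```

The first two lines of output both show error 20: it appears when the verifier has no trust anchor that the chain reaches, and equally when it has the right root but no copy of the intermediate that sits between the root and the leaf. Only the third input (root as `-CAfile`, intermediate supplied) builds a complete path. For `s_client` the same `-CAfile` option applies, e.g. `openssl s_client -connect test.uk.example.com:443 -CAfile roots.pem`, and `-verify_hostname` adds the name check that browsers perform on top of path validation.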