Verify a certificate

To verify a certificate and it’s chain, use below openssl command

openssl verify -CAfile chain.pem devicecert.pem

where chain.pem is the certificate chain for the devicecert.pem certificate.

To construct chain.pem, download the CA certificates that form the chain upto the root certificate and concatenate them

cat l1_root_ca.pem l2_intermediate_ca.pem l3_intermediate_ca.pem > chain.pem

where l1_root_ca.pem is the root CA certificate in pem format and l2_intermediate_ca.pem, l3_intermediate_ca.pem are the intermediate CA certificates.