I am trying to create a certificate chain with OpenSSL but for some reason when I install my root CA in my computer and try to verify the certificate chain, it is always telling me that it can't find the issuer of the certificate. To make thing happen, I have to install intermediate CAs to, wich doesn't make sense.
At start I thought that only the root CA was needed on client computer but now it seems that I will need to deploy all intermediate CAs.
Can you help me understand this ? Am I missing something related to OpenSSL regarding chaining ?
thanks !
Found out that "authorityInfoAccess" extension was missing in my chaining CAs structure. Add it pointing to the right URL and now it is working.