Verification failed, probably due to a bug

[floyd-fuh]

As I couldn't find which openssl version (or OS for that matter) you require to run this project, I tried running with OpenSSL 1.0.2g... is that fine?

Anyway, I get:

$ ./clone-cert.sh cert.pem 
Verification failed, probably due to a bug

So I changed to set -o xtrace and it seems to run quite far but then:

$ ./clone-cert.sh cert.pem 
[...]
+ diff -q /dev/fd/63 /dev/fd/62
++ openssl x509 -in cert.pem.cert -pubkey -noout
++ openssl rsa -in cert.pem.key -pubout
+ openssl verify -CAfile cert.pem.CA.cert cert.pem.cert
+ echo Verification failed, probably due to a bug
Verification failed, probably due to a bug

Running only the verification:

$ openssl verify -CAfile cert.pem.CA.cert cert.pem.cert
cert.pem.cert: C = DE, O = EXAMP AG, OU = YxxxxxxxYxxxxxxx, CN = EXAMP-Yxxxxxxx Yxxxxxx AG, UID = 12344e8f-1034-2e81-7c3f-e516bf364951
error 20 at 0 depth lookup:unable to get local issuer certificate

Any ideas?

[AdrianVollmer]

I encountered an issue with openssl 1.0.x that I didn't have with openssl 1.1.1, so you might want to give that a shot. It had to do with the -addext option of openssl req. I though I fixed it though.

Hard to say what went wrong without having the actual certificate. A known issue is if the cert is holding an ECC public key but was signed with an RSA key or vice versa. Could that be the case with your cert?