If the output of the command contains ‘OK’, the chain is complete.
Verifying the certificate chain partially
If the certificate chain is not complete, there are two ways to find out which part didn’t fit. The easier one needs OpenSSL 1.0.2g or later which is not easily available for many systems still in use, like RHEL 6 or Ubuntu 14.04. As I haven’t encountered this requirement too often, it’s not very elaborate.
Via “openssl verify -partial_chain” (OpenSSL version >= 1.0.2g)
Do this for every part of the chain you want to test: