So Far as I am able to tell, the openssl verify in the primary circumstance will check the chain and fail, although the next only will Verify the chain within the signing-ca.crt to the root (not needing the opposite certs, so just ignoring them) The pet store also delivers aquarium https://maps.app.goo.gl/9y4LfCmrsyYSbzTo6