我有一個鏈.pem-----BEGIN CERTIFICATE-----// My server cert signed by intemediate CA-----END CERTIFICATE----------BEGIN CERTIFICATE-----// My intermediate cert signed by root CA-----END CERTIFICATE----------BEGIN CERTIFICATE-----// My self signed root cert-----END CERTIFICATE-----以及server.key.pem-----BEGIN RSA PRIVATE KEY-----// Private key for server cert-----END RSA PRIVATE KEY-----從那里，我生成一個 pfx 文件 - 其中包含服務(wù)器證書及其私鑰以及鏈的其余部分。openssl pkcs12 -export -out certificate.pfx -inkey server.key.pem -in chain.pem我將導(dǎo)出密碼留空接下來我用 SslStream 托管一個 TcpListenernamespace fun_with_ssl{    internal class Program    {        public static int Main(string[] args)        {            var serverCertificate = new X509Certificate2("certificate.pfx");            var listener = new TcpListener(IPAddress.Any, 1443);            listener.Start();            while (true)            {                using (var client = listener.AcceptTcpClient())                using (var sslStream = new SslStream(client.GetStream(), false))                {                    sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls12, false);                    //send/receive from the sslStream                }            }        }    }}但是當(dāng)我嘗試從 openssl 檢查鏈時，它失敗了openssl s_client -connect 127.0.0.1:1443 -CAfile ca.cert.pemCONNECTED(00000005)depth=0 CN = SERVERverify error:num=20:unable to get local issuer certificateverify return:1depth=0 CN = SERVERverify error:num=21:unable to verify the first certificateverify return:1---Certificate chain 0 s:CN = SERVER   i:CN = Intermediate---Server certificate-----BEGIN CERTIFICATE-----// My Server certificate-----END CERTIFICATE-----subject=CN = SERVER我似乎沒有提供中間證書或根證書，以便它可以驗(yàn)證鏈。我在這里缺少什么？在我的場景中，客戶端將擁有根證書公鑰。