Elixir Certificate chain path validation

I have a use case where the certificate chain has to be validated for PKI. I have two certs, one is the device cert and the other is the certificate_chain. Both are in pem format. The :public_key.pkix_path_validation/3 seems promising but I don’t know how to give the chain in der format.
I am converting the device cert to der using X509.Certificate.to_der but how will I convert the chain to der, since it has 3 certificates( Root_CA, Intermediate_CA, Signing_CA) and when I convert it using the X509 library and give it to :public_key.pkix_path_validation/3 .
Basically I want to achieve the alternative to “openssl verify -CAfile certs/root_ca.pem -untrusted cert_chain.pem certs/device_cert.pem” in elixir.

1 Like