Start out by finding the location for the certificates to be stored:

<code>
openssl version -d
OPENSSLDIR: "/usr/lib/ssl"
</code>

Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW.

Now upload the CA certificates in PEM format into OPENSSLDIR/certs.

Next use this script to create the symbolic links inside the certs directory:

<file>
#!/bin/sh
#
# usage: certlink.sh filename [filename ...]

for CERTFILE in $*; do
  # make sure file exists and is a valid cert
  test -f "$CERTFILE" || continue
  HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
  test -n "$HASH" || continue

  # use lowest available iterator for symlink
  for ITER in 0 1 2 3 4 5 6 7 8 9; do
    test -f "${HASH}.${ITER}" && continue
    ln -s "$CERTFILE" "${HASH}.${ITER}"
    test -L "${HASH}.${ITER}" && break
  done
done
</file>

Now go into OPENSSLDIR/certs and run the script:

<code>
certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem
</code>

Now openssl will verify certificates signed by these CA's.