When parsing a PEM string containing a chain of certificates, createCertificateChain calls PEM_read_bio_X509 until it returns NULL (end of chain). But this will have set OpenSSL's internal error chain. Creating a new OpenSSL context has the side effect of clearing this chain, but if you are using a context which has already been created, the context sees that the error chain is set and fails. All that is needed is for createCertificateChain to clear the OpenSSL error chain before returning. JIRA: LINK-1868 Change-Id: Ife2a3dabfeecff9e430648d63e4b4ba001e80a00