OpenSSL> verify -CAfile C:\mycert.pem C:\mycert.pem
Close. You need to add the CA’s root certificate with -CAfile; and not your end entity certificate. Something like:
openssl verify -CAfile C:\ca-cert.pem C:\mycert.pem
Also, if there is an intermediate certificate, then it needs to be added to mycert.pem. So mycert.pem will actually have two (or more) certificates (rather than one).
Adding all required certificates to mycert.pem in an effort to build a valid chain solves the “which directory” problem. Its a well known problem in PKI. Essentially, a client (like me) does not know where to go to get missing intermediate certificates.