From verify documentation:
If a certificate is found which is its own issuer it is assumed to be the root CA.
In other words, root CA needs to be self signed for verify to work. This is why your second command didn’t work. Try this instead:
openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem
It will verify your entire chain in a single command.
That’s one of the few legitimate jobs for cat:
openssl verify -verbose -CAfile <(cat Intermediate.pem RootCert.pem) UserCert.pem
Update:
As Greg Smethells points out in the comments, this command implicitly trusts Intermediate.pem. I recommend reading the first part of the post Greg references (the second part is specifically about pyOpenSSL and not relevant to this question).
In case the post goes away I'll quote the important paragraphs:
Unfortunately, an "intermediate" cert that is actually a root / self-signed
will be treated as a trusted CA when using the recommended command given
above:
$ openssl verify -CAfile <(cat geotrust_global_ca.pem rogue_ca.pem)
fake_sometechcompany_from_rogue_ca.com.pem
fake_sometechcompany_from_rogue_ca.com.pem: OK
It seems openssl will stop verifying the chain as soon as a root certificate is encountered, which may also be Intermediate.pem if it is self-signed. In that case RootCert.pem is not considered. So make sure that Intermediate.pem is coming from a trusted source before relying on the command above.