This shows you the differences between two versions of the page.
— |
howtos:how_do_i_verify_a_certificate [d/m/Y H:i] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Use the verify option to verify certificates. | ||
+ | |||
+ | <code> | ||
+ | openssl verify cert.pem | ||
+ | </code> | ||
+ | |||
+ | If your local OpenSSL installation recognizes the certificate or its signing authority and everything else (dates, signing chain, etc.) checks out, you’ll get a simple OK message. | ||
+ | |||
+ | <code> | ||
+ | $ openssl verify remote.site.pem | ||
+ | remote.site.pem: OK | ||
+ | </code> | ||
+ | |||
+ | For this to work openssl needs to have access to the CA that issued the certificate. Otherwise you will get an error like: | ||
+ | |||
+ | <code> | ||
+ | error 2 at 1 depth lookup:unable to get issuer certificate | ||
+ | </code> | ||
+ | |||
+ | To import CA certificates see here: [[Import CA certificates for openssl to use]] | ||