howtos:test_a_certificate_chain
Differences

This shows you the differences between two versions of the page.


howtos:test_a_certificate_chain [02/12/2018 21:34] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +With OpenSSL you start a server instance:
  
 +<code>
 +openssl s_server -accept 9000 -cert cert.pem -key cert.key -CAfile ca.pem
 +Enter pass phrase for cert.key:
 +</code>
 +
 +^ Parameter  ^ Explanation           |
 +| s_server  | Start a SSL server          |
 +| -accept 9000    | Make the server listen on port 9000 |
 +| -cert cert.pem   | Use the certificate in the file cert.pem |
 +| -key cert.key | Use the private key in the file cert.key   |
 +| -CAfile ca.pem | Use the CA chain file ca.pem |
 +
 +What this command does is start a SSL server instance where it sends the certificate (cert.pem) and to make the certificate verifiable the CA chain (ca.pem) is appended.
 +
 +This process will show if the chain corresponds to the certificate.
 +
 +To test run this:
 +
 +<code>
 +openssl s_client -connect localhost:9000
 +CONNECTED(00000003)
 +depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=thawte Trial Secure Server Root CA
 +verify error:num=19:self signed certificate in certificate chain
 +verify return:0
 +---
 +Certificate chain
 + 0 s:/C=DK/ST=Copenhagen/L=Copenhagen/O=Medcom/OU=IT/OU=For Test Purposes Only.  No assurances./CN=test.domain.com
 +   i:/C=US/O=Thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=Thawte Trial Secure Server CA
 + 1 s:/C=US/O=Thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=Thawte Trial Secure Server CA
 +   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=thawte Trial Secure Server Root CA
 + 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=thawte Trial Secure Server Root CA
 +   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=thawte Trial Secure Server Root CA
 +---
 +Server certificate
 +-----BEGIN CERTIFICATE-----
 +MIIDuzCCAqOgAwIBAgIQGpdMvqOpRl0RRpfwudI5jTANBgkqhkiG9w0BAQUFADCB
 +qDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
 +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEwMC4GA1UECxMnRm9yIFRl
 +c3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMSYwJAYDVQQDEx1UaGF3
 +dGUgVHJpYWwgU2VjdXJlIFNlcnZlciBDQTAeFw0xMDA5MDIwMDAwMDBaFw0xMDA5
 +MjMyMzU5NTlaMIGfMQswCQYDVQQGEwJESzETMBEGA1UECBMKQ29wZW5oYWdlbjET
 +MBEGA1UEBxQKQ29wZW5oYWdlbjEPMA0GA1UEChQGTWVkY29tMQswCQYDVQQLFAJJ
 +VDEwMC4GA1UECxQnRm9yIFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5j
 +ZXMuMRYwFAYDVQQDFA1ocy5rbXMubWVkY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
 +ADCBiQKBgQDs0GceZbIumDfPLVhW9sDcRk6T5UwHAjor3r9HyTZLIF+Py8aF1Qcq
 +w/eZY8jaQWzqTqKj4LBS2RSTv+J0JmlUPDl+iOOQreMDl91F9+6nJi+py1RhchfP
 +13fC57cpeRhn5mBSxiRqbcpTtFgnxFdJzrn1fHc0RZySMAiupkWxQwIDAQABo2ww
 +ajAMBgNVHRMBAf8EAjAAMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwudGhh
 +d3RlLmNvbS9UaGF3dGVUcmlhbFNTTENBLmNybDAdBgNVHSUEFjAUBggrBgEFBQcD
 +AQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBADHBJLNwiS5kPY6RA/Fsz82v
 +Tho5QH/TXlUhmcSxcfFMo4oD0kx3EPzv0cfIrm9aUtHsd9uehcbTEnhFZzM3VZdN
 +6xawfuS8oMVEjH4MS/GRyQHEQ/kAx4EZLXAAsbKzzHd+uOgZSOa595biGxVxiP8P
 +7TLXDKrV4/f7Y4h6VbkJH8k9p/qvDWZMqwA8K8Av348mR0Y3R5BphRtc9Rnq8tKF
 +JjNAks6UD0E9rGY/3ouslNKP++yHess8JHtM8BmeVPAev6GyXHz5EsaQmKnubo61
 +jlYa5t0ep8/9iyP00KPcdHwWwa6i9BGVp7s96vUD0nxhXvmYENeNT4/lYsKWzb8=
 +-----END CERTIFICATE-----
 +subject=/C=DK/ST=Copenhagen/L=Copenhagen/O=Medcom/OU=IT/OU=For Test Purposes Only.  No assurances./CN=test.domain.com
 +issuer=/C=US/O=Thawte, Inc./OU=Certification Services Division/OU=For Test Purposes Only.  No assurances./CN=Thawte Trial Secure Server CA
 +---
 +No client certificate CA names sent
 +---
 +SSL handshake has read 3642 bytes and written 255 bytes
 +---
 +New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
 +Server public key is 1024 bit
 +Secure Renegotiation IS supported
 +Compression: NONE
 +Expansion: NONE
 +SSL-Session:
 +    Protocol  : TLSv1
 +    Cipher    : DHE-RSA-AES256-SHA
 +    Session-ID: 0A2080D06C5FDCE6FDC51A25A6943D5EFC547F670350A6FE4AE9664CF0535EF7
 +    Session-ID-ctx: 
 +    Master-Key: 936154921AA8759400E1BE3B63B702B68954F13C4875777EAEF402C513AEAC932243B8B6138850F3AC10F342D95F998C
 +    Key-Arg   : None
 +    Start Time: 1283518640
 +    Timeout   : 300 (sec)
 +    Verify return code: 19 (self signed certificate in certificate chain)
 +---
 +
 +
 +</code> 
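Review bot: The client test `openssl s_client -connect localhost:9000` is given no trust anchor, so the sample output ends in `Verify return code: 19 (self signed certificate in certificate chain)` and the text never says whether that result counts as a pass. Since the stated goal is to show that the chain corresponds to the certificate, suggest running the client as `openssl s_client -connect localhost:9000 -CAfile ca.pem`, so that a correct chain ends in `Verify return code: 0 (ok)`, and adding a sentence on how to read the `Certificate chain` block: each `i:` (issuer) line should match the `s:` (subject) line at the next depth, as it does for depths 0 to 2 in this output. The output also prints the session `Master-Key`; a short remark that this comes from a throwaway test session, and should not be pasted from a real one, would be worth adding.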
howtos/test_a_certificate_chain.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1