howtos:test_a_certificate_chain

Differences

This shows you the differences between two versions of the page.

howtos:test_a_certificate_chain [d/m/Y H:i] (current)
Line 1: Line 1:
 +With OpenSSL you start a server instance:
  
 +<​code>​
 +openssl s_server -accept 9000 -cert cert.pem -key cert.key -CAfile ca.pem
 +Enter pass phrase for cert.key:
 +</​code>​
 +
 +^ Parameter ​ ^ Explanation ​          |
 +| s_server ​ | Start a SSL server ​         |
 +| -accept 9000    | Make the server listen on port 9000 |
 +| -cert cert.pem ​  | Use the certificate in the file cert.pem |
 +| -key cert.key | Use the private key in the file cert.key ​  |
 +| -CAfile ca.pem | Use the CA chain file ca.pem |
 +
 +What this command does is start a SSL server instance where it sends the certificate (cert.pem) and to make the certificate verifiable the CA chain (ca.pem) is appended.
 +
 +This process will show if the chain corresponds to the certificate.
 +
 +To test run this:
 +
 +<​code>​
 +openssl s_client -connect localhost:​9000
 +CONNECTED(00000003)
 +depth=2 /​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=thawte Trial Secure Server Root CA
 +verify error:​num=19:​self signed certificate in certificate chain
 +verify return:0
 +---
 +Certificate chain
 + 0 s:/​C=DK/​ST=Copenhagen/​L=Copenhagen/​O=Medcom/​OU=IT/​OU=For Test Purposes Only.  No assurances./​CN=test.domain.com
 +   ​i:/​C=US/​O=Thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=Thawte Trial Secure Server CA
 + 1 s:/​C=US/​O=Thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=Thawte Trial Secure Server CA
 +   ​i:/​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=thawte Trial Secure Server Root CA
 + 2 s:/​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=thawte Trial Secure Server Root CA
 +   ​i:/​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=thawte Trial Secure Server Root CA
 +---
 +Server certificate
 +-----BEGIN CERTIFICATE-----
 +MIIDuzCCAqOgAwIBAgIQGpdMvqOpRl0RRpfwudI5jTANBgkqhkiG9w0BAQUFADCB
 +qDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
 +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEwMC4GA1UECxMnRm9yIFRl
 +c3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMSYwJAYDVQQDEx1UaGF3
 +dGUgVHJpYWwgU2VjdXJlIFNlcnZlciBDQTAeFw0xMDA5MDIwMDAwMDBaFw0xMDA5
 +MjMyMzU5NTlaMIGfMQswCQYDVQQGEwJESzETMBEGA1UECBMKQ29wZW5oYWdlbjET
 +MBEGA1UEBxQKQ29wZW5oYWdlbjEPMA0GA1UEChQGTWVkY29tMQswCQYDVQQLFAJJ
 +VDEwMC4GA1UECxQnRm9yIFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5j
 +ZXMuMRYwFAYDVQQDFA1ocy5rbXMubWVkY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
 +ADCBiQKBgQDs0GceZbIumDfPLVhW9sDcRk6T5UwHAjor3r9HyTZLIF+Py8aF1Qcq
 +w/​eZY8jaQWzqTqKj4LBS2RSTv+J0JmlUPDl+iOOQreMDl91F9+6nJi+py1RhchfP
 +13fC57cpeRhn5mBSxiRqbcpTtFgnxFdJzrn1fHc0RZySMAiupkWxQwIDAQABo2ww
 +ajAMBgNVHRMBAf8EAjAAMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwudGhh
 +d3RlLmNvbS9UaGF3dGVUcmlhbFNTTENBLmNybDAdBgNVHSUEFjAUBggrBgEFBQcD
 +AQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBADHBJLNwiS5kPY6RA/​Fsz82v
 +Tho5QH/​TXlUhmcSxcfFMo4oD0kx3EPzv0cfIrm9aUtHsd9uehcbTEnhFZzM3VZdN
 +6xawfuS8oMVEjH4MS/​GRyQHEQ/​kAx4EZLXAAsbKzzHd+uOgZSOa595biGxVxiP8P
 +7TLXDKrV4/​f7Y4h6VbkJH8k9p/​qvDWZMqwA8K8Av348mR0Y3R5BphRtc9Rnq8tKF
 +JjNAks6UD0E9rGY/​3ouslNKP++yHess8JHtM8BmeVPAev6GyXHz5EsaQmKnubo61
 +jlYa5t0ep8/​9iyP00KPcdHwWwa6i9BGVp7s96vUD0nxhXvmYENeNT4/​lYsKWzb8=
 +-----END CERTIFICATE-----
 +subject=/​C=DK/​ST=Copenhagen/​L=Copenhagen/​O=Medcom/​OU=IT/​OU=For Test Purposes Only.  No assurances./​CN=test.domain.com
 +issuer=/​C=US/​O=Thawte,​ Inc./​OU=Certification Services Division/​OU=For Test Purposes Only.  No assurances./​CN=Thawte Trial Secure Server CA
 +---
 +No client certificate CA names sent
 +---
 +SSL handshake has read 3642 bytes and written 255 bytes
 +---
 +New, TLSv1/​SSLv3,​ Cipher is DHE-RSA-AES256-SHA
 +Server public key is 1024 bit
 +Secure Renegotiation IS supported
 +Compression:​ NONE
 +Expansion: NONE
 +SSL-Session:​
 +    Protocol ​ : TLSv1
 +    Cipher ​   : DHE-RSA-AES256-SHA
 +    Session-ID: 0A2080D06C5FDCE6FDC51A25A6943D5EFC547F670350A6FE4AE9664CF0535EF7
 +    Session-ID-ctx: ​
 +    Master-Key: 936154921AA8759400E1BE3B63B702B68954F13C4875777EAEF402C513AEAC932243B8B6138850F3AC10F342D95F998C
 +    Key-Arg ​  : None
 +    Start Time: 1283518640
 +    Timeout ​  : 300 (sec)
 +    Verify return code: 19 (self signed certificate in certificate chain)
 +---
 +
 +
 +</​code> ​
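Review bot: the `openssl s_client -connect localhost:9000` step under "To test run this:" gives the client no trust anchor, so the sample output ends in `Verify return code: 19 (self signed certificate in certificate chain)`, and the page never says whether that result counts as a pass, even though the text above promises that "This process will show if the chain corresponds to the certificate." Suggest running the client with `-CAfile ca.pem` as well, so that a chain which validates against that file reports `Verify return code: 0 (ok)`, and adding a sentence telling the reader to check the "Certificate chain" block, where the `i:` issuer of each entry should match the `s:` subject of the next one. The pasted output also carries the session `Master-Key` and the full server certificate body. Trimming the sample to the verify lines and the chain block would keep the how-to focused on the lines the reader has to interpret.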
howtos/test_a_certificate_chain.txt · Last modified: d/m/Y H:i (external edit)