User Tools

Site Tools


howtos:view_the_signer_of_a_certificate

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:view_the_signer_of_a_certificate [d/m/Y H:i] (current)
Line 1: Line 1:
 +(Note: This requires OpenSSL version 0.9.8a or higher.) You may want to find out what Certificate Authority (CA) signed a particular certificate. OpenSSL terms this CA as the "​issuer"​. You can view the issuer of a certificate,​ and you can also view the hash of the issuer. The hash is useful if you have named your certificates with their hash value. You could then quickly match the issuer hash with the certificate hash file name. Here's an openssl command to output this information:​
 +
 +    > openssl x509 -in cert.pem -noout -issuer -issuer_hash
 +    issuer= /​C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu
 +    be7cee67
 +    >
 +
 +Here's an explanation of the command line options:
 +
 +    * -in cert.pem - read in the certificate in question from the file cert.pem.
 +    * -noout - do not output the PEM-encoded version of the certificate.
 +    * -issuer - output the issuer'​s Distinguished Name (DN).
 +    * -issuer_hash - output the hash of the certificate issuer'​s name. (Option available in version 0.9.8a and above.)
 +
 +
 +Note that this command only gives you the entity that signed this certificate. It does NOT give you the root CA, since a certificate chain can contain many entities. To get to the root CA, you have to keep running this command on the "​issuer"​ until you find a self-signed certificate (i.e. the "​issuer"​ equals the "​subject"​).
 +
  
howtos/view_the_signer_of_a_certificate.txt · Last modified: d/m/Y H:i (external edit)