OpenSSL certificate checking
Check a certificate
Information about it (signing authority, expiration date, etc.):
openssl x509 -in server.crt -text -noout
Check a key
Check the SSL key and verify the consistency:
openssl rsa -in server.key -check
Check a CSR
Verify the CSR and print CSR data filled in when generating the CSR:
openssl req -text -noout -verify -in server.csr
Verify a certificate and key matches
The checksums can be compared to verify that the certificate and key match.
openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
Verifying that a Certificate is issued by a CA
Verify that a certificate was issued by a specific CA, given that CA's certificate
openssl verify -verbose -CAfile cacert.pem server.crt
server.crt: OK
Information about it (signing authority, expiration date, etc.):
openssl x509 -in server.crt -text -noout
Check a key
Check the SSL key and verify the consistency:
openssl rsa -in server.key -check
Check a CSR
Verify the CSR and print CSR data filled in when generating the CSR:
openssl req -text -noout -verify -in server.csr
Verify a certificate and key matches
The checksums can be compared to verify that the certificate and key match.
openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
Verifying that a Certificate is issued by a CA
Verify that a certificate was issued by a specific CA, given that CA's certificate
openssl verify -verbose -CAfile cacert.pem server.crt
server.crt: OK
Komentar