Verify: SSL Certificate Under OpenSSL

All UNIX / Linux applications linked against the OpenSSL libraries can verify certificates signed by a recognized certificate authority (CA). How do I verify SSL certificates using OpenSSL command line toolkit itself under UNIX like operating systems without using third party websites?

You can pass the verify option to openssl command to verify certificates as follows:
$ openssl verify pem-file
$ openssl verify mycert.pem
$ openssl verify

Sample outputs: OK

You will see OK message if everything checks out. If a certificate has expired, it will complain about it. Please note that OpenSSL won’t verify a self-signed certificate. You can also retrieve the certificate as follows and verify the same:
$ mkdir -p ~/.cert/
$ cd ~/.cert/
$ openssl s_client -showcerts -connect

Copy from the “—–BEGIN CERTIFICATE—–” to the “—–END CERTIFICATE—–” , and save it in your ~/.cert/ directory as file. By default OpenSSL is configured to use various certificate authorities your system trusts and stored in /usr/lib/ssl/ directory. You can verify this using the following command:
$ openssl version -d
Sample outputs:

OPENSSLDIR: "/usr/lib/ssl"

Another option is to get certificate from the CA repository:
$ wget -O ~/.cert/
Finally, create a symbolic link to files named by the hash values using c_rehash, enter:
$ c_rehash ~/.cert/
To confirm you have the correct and working certificates, enter:
$ openssl s_client -CApath ~/.cert/ -connect

References (suggested readings):

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum