Verify: SSL Certificate Under OpenSSL

All UNIX / Linux applications linked against the OpenSSL libraries can verify certificates signed by a recognized certificate authority (CA). How do I verify SSL certificates using OpenSSL command line toolkit itself under UNIX like operating systems without using third party websites?

You can pass the verify option to openssl command to verify certificates as follows:
$ openssl verify pem-file
$ openssl verify mycert.pem
$ openssl verify cyberciti.biz.pem

Sample outputs:

ADVERTISEMENTS

cyberciti.biz.pem: OK

You will see OK message if everything checks out. If a certificate has expired, it will complain about it. Please note that OpenSSL won’t verify a self-signed certificate. You can also retrieve the www.example.com certificate as follows and verify the same:
$ mkdir -p ~/.cert/www.example.com/
$ cd ~/.cert/www.example.com/
$ openssl s_client -showcerts -connect www.example.com:443

Copy from the “—–BEGIN CERTIFICATE—–” to the “—–END CERTIFICATE—–” , and save it in your ~/.cert/www.example.com/ directory as www.example.com.pem file. By default OpenSSL is configured to use various certificate authorities your system trusts and stored in /usr/lib/ssl/ directory. You can verify this using the following command:
$ openssl version -d
Sample outputs:

OPENSSLDIR: "/usr/lib/ssl"

Another option is to get certificate from the CA repository:
$ wget https://certs.godaddy.com/repository/gd_bundle.crt -O ~/.cert/www.example.com/gd.pem
Finally, create a symbolic link to files named by the hash values using c_rehash, enter:
$ c_rehash ~/.cert/www.example.com/
To confirm you have the correct and working certificates, enter:
$ openssl s_client -CApath ~/.cert/mail.example.com/ -connect www.example.com:443

References (suggested readings):

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.