This guide provides step-by-step instructions to verify and simulate SSL certificates using OpenSSL commands.
1. Check Individual Certificate Details:
Command: openssl x509 -in my.crt -text -noout
This command displays the details of the certificate stored in ‘my.crt’.
2. Verify the Chain of Trust:
Command: openssl verify -CAfile intermediate.crt -untrusted root.crt my.crt
This command checks the certificate chain starting from the root certificate to the intermediate and ending at your specific certificate.
3. Simulate Server Configuration:
Start the server:
openssl s_server -cert my.crt -key my.key -CAfile intermediate.crt -www
This starts a simple SSL/TLS server using the specified certificates and key.
Start the client:
openssl s_client -connect localhost:4433
This simulates an SSL/TLS client connecting to the server you started.
Outcome: If at the end of the client output you see “Verify return code: 0 (ok)”, then your SSL configuration is set up correctly.
