Verify SSL Certificate Using OpenSSL Tools

This guide shows how to verify SSL certificates and simulate a server configuration using OpenSSL commands.

1. Check Individual Certificate Details:

Command: openssl x509 -in my.crt -text -noout

This command displays the details of the certificate stored in ‘my.crt’.

2. Verify the Chain of Trust:

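Command: cat intermediate.crt root.crt > chain.crt

Command: openssl verify -CAfile chain.crt my.crt

The first command concatenates the intermediate and root certificates into ‘chain.crt’. The second verifies ‘my.crt’ against that file, checking the chain from the root certificate through the intermediate and ending at your specific certificate. On success it prints “my.crt: OK”.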
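Added example (not part of the original guide): a script that builds a throwaway root, intermediate and leaf, then runs the step 2 check with and without the intermediate, which is the failure you get when an intermediate is missing from the chain. The subject names, the pki.cnf file and the helper functions build_chain and verify_leaf are assumptions made for illustration; all keys and certificates are constructed on the spot.

```shell
#!/bin/sh
# Added example: throwaway root -> intermediate -> leaf chain, all constructed.
set -eu

build_chain() {   # $1 = empty working directory
  (
    cd "$1"
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -config pki.cnf -extensions ca -newkey rsa:2048 -nodes \
      -keyout root.key -out root.crt -subj "/CN=Constructed Root" -days 2
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -keyout intermediate.key -out intermediate.csr -subj "/CN=Constructed Intermediate"
    openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key \
      -CAcreateserial -extfile pki.cnf -extensions ca -days 2 -out intermediate.crt
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -keyout my.key -out my.csr -subj "/CN=localhost"
    openssl x509 -req -in my.csr -CA intermediate.crt -CAkey intermediate.key \
      -CAcreateserial -extfile pki.cnf -extensions leaf -days 2 -out my.crt
  ) >/dev/null 2>&1
}

# Prints "ok" or "fail". $1 = directory, $2 = with | without (the intermediate).
verify_leaf() {
  if [ "$2" = with ]; then
    # -untrusted offers the intermediate for chain building; only root.crt is trusted.
    set -- -CAfile "$1/root.crt" -untrusted "$1/intermediate.crt" "$1/my.crt"
  else
    set -- -CAfile "$1/root.crt" "$1/my.crt"
  fi
  if openssl verify "$@" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir"
echo "leaf + intermediate: $(verify_leaf "$demo_dir" with)"
echo "leaf alone:          $(verify_leaf "$demo_dir" without)"
rm -rf "$demo_dir"
```

Run without the output redirection, the failing case reports “unable to get local issuer certificate” for my.crt.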

3. Check Which Certificates a Server Is Sending:

Command: openssl s_client -connect example.com:443 -showcerts

4. Simulate Server Configuration:

Start the server:

openssl s_server -cert my.crt -key my.key -CAfile intermediate.crt -www

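This starts a simple SSL/TLS server using the specified certificates and key. By default s_server listens on port 4433, and -www makes it reply to the client with an HTML status page.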

Start the client:

openssl s_client -connect localhost:4433

This simulates an SSL/TLS client connecting to the server you started.

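Outcome: If at the end of the client output you see “Verify return code: 0 (ok)”, then your SSL configuration is set up correctly. By default s_client completes the handshake even when verification fails, so read this line rather than relying on the connection succeeding.

To understand how the SSL certificate chain works, please visit how-ssl-certificate-chain-works.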
