This guide provides instructions to verify and simulate SSL certificates using OpenSSL commands.
1. Check Individual Certificate Details:
Command: openssl x509 -in my.crt -text -noout
This command displays the details of the certificate stored in ‘my.crt’.
2. Verify the Chain of Trust:
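Command: cat intermediate.crt root.crt > chain.crt
Command: openssl verify -CAfile chain.crt my.crt
The first command concatenates the intermediate and root certificates into one file. The second checks the chain of trust from the root certificate through the intermediate to your certificate. Every certificate in the -CAfile bundle is loaded as a trusted certificate.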
3. Verify a server's certificate against a CA certificate directly with openssl:
Command: openssl s_client -connect example.com:443 -CAfile rootCA.crt
4. Check which certificates the server is sending:
Command: openssl s_client -connect example.com:443 -showcerts
5. Simulate Server Configuration:
Start the server:
Command: openssl s_server -cert my.crt -key my.key -CAfile intermediate.crt -www
This starts a simple SSL/TLS server using the specified certificates and key.
Start the client:
Command: openssl s_client -connect localhost:4433
This simulates an SSL/TLS client connecting to the server you started.
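Outcome: If at the end of the client output you see “Verify return code: 0 (ok)”, then your SSL configuration is set up correctly. The client verifies the chain against its default trusted CAs unless you pass -CAfile, as in step 3.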
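Added example, not part of the original guide: a shell script that builds a throwaway root, intermediate and leaf certificate (the subject names and the x.cnf file are constructed for this example) and runs the step 2 check three ways: with the combined chain.crt as above, with only the root trusted and the intermediate passed via -untrusted, and with the intermediate missing, which is the failure a client reports when a server does not send it.

```shell
#!/bin/sh
# Added example: throwaway root -> intermediate -> leaf chain (names constructed).
make_chain() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
    for n in root intermediate my; do
      openssl req -new -newkey rsa:2048 -nodes -config x.cnf \
        -subj "/CN=Example $n" -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
    done
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile x.cnf -extensions ca -out root.crt 2>/dev/null &&
    openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key \
      -CAcreateserial -days 2 -extfile x.cnf -extensions ca \
      -out intermediate.crt 2>/dev/null &&
    openssl x509 -req -in my.csr -CA intermediate.crt -CAkey intermediate.key \
      -CAcreateserial -days 2 -extfile x.cnf -extensions leaf \
      -out my.crt 2>/dev/null )
}

# Step 2 as written in the guide: both CA certificates are loaded as trusted.
verify_bundle() { ( cd "$1" && cat intermediate.crt root.crt > chain.crt &&
  openssl verify -CAfile chain.crt my.crt >/dev/null 2>&1 ); }

# Stricter form: only the root is trusted, the intermediate is an untrusted helper.
verify_strict() { ( cd "$1" &&
  openssl verify -CAfile root.crt -untrusted intermediate.crt my.crt >/dev/null 2>&1 ); }

# Root only, no intermediate available: the chain cannot be built.
verify_no_intermediate() { ( cd "$1" &&
  openssl verify -CAfile root.crt my.crt >/dev/null 2>&1 ); }

d=$(mktemp -d) && make_chain "$d" || exit 1
verify_bundle "$d" && echo "chain.crt as CAfile: OK"
verify_strict "$d" && echo "root trusted, intermediate untrusted: OK"
verify_no_intermediate "$d" || echo "intermediate missing: verification fails"
rm -rf "$d"
```

To see the reason for a failure, drop the output redirection on the openssl verify line and read the error it prints.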
To understand how an SSL certificate chain works, please visit how-ssl-certificate-chain-works