The following steps validate SSL certificates with the openssl command.
Check the Certificate Chain:
To check the certificate chain and ensure that it’s valid, you can use the openssl verify command. This command will check if the certificate chain is valid up to a trusted root certificate.
openssl verify -CAfile gd_bundle-g2-g1.crt abc.crt
In this command:
gd_bundle-g2-g1.crt is the file containing the trusted root certificates (the certificate authority bundle).
abc.crt is the certificate you want to verify.
If the certificate chain is valid, you’ll see a message like: abc.crt: OK
Check Certificate Details:
To view detailed information about a certificate, you can use the openssl x509 command. For example, to view the details of the abc.crt certificate:
openssl x509 -in abc.crt -text
This will display all the information about the certificate, including its subject, issuer, validity dates, and more.
Check the Private Key and Certificate Match:
To verify if a private key (abc.key) matches a certificate (abc.crt), you can use the openssl rsa and openssl x509 commands together:
openssl rsa -noout -modulus -in abc.key | openssl md5
openssl x509 -noout -modulus -in abc.crt | openssl md5
If the MD5 digests of the modulus printed by these two commands match, the private key and certificate match. This comparison applies to RSA keys, since it relies on the RSA modulus.
Check Certificate Expiry Date:
To check the expiry date of a certificate, you can use the openssl x509 command:
openssl x509 -enddate -noout -in abc.crt
This will display the certificate’s expiry date.
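The key-match and expiry checks above can be scripted so that they return exit codes instead of output to compare by eye. The following is an added example, not part of the original steps: it generalizes the modulus comparison by comparing the full public key (so it also works for EC keys) and uses openssl x509 -checkend for expiry. The function names and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page; function names are illustrative.

# Print the public half of a private key as normalised PEM.
spki_of_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Print a certificate's public key as normalised PEM.
spki_of_cert() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -pubout 2>/dev/null
}

# key_matches_cert KEY CERT: 0 = match, 1 = mismatch, 2 = unreadable input.
key_matches_cert() {
    k=$(spki_of_key "$1") || return 2
    c=$(spki_of_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ] || return 1
}

# cert_expires_within CERT DAYS: 0 = expires within DAYS (or already expired),
# 1 = still valid after DAYS, 2 = unreadable certificate.
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_cert.sh KEY CERT [DAYS]   (DAYS defaults to 30)
if [ "$#" -ge 2 ]; then
    key_matches_cert "$1" "$2"
    case $? in
        0) echo "key matches certificate" ;;
        1) echo "key does NOT match certificate"; exit 1 ;;
        *) echo "could not parse key or certificate"; exit 2 ;;
    esac
    if cert_expires_within "$2" "${3:-30}"; then
        echo "certificate expires within ${3:-30} days"; exit 1
    fi
    echo "certificate valid for more than ${3:-30} days"
fi
```

For example, sh check_cert.sh abc.key abc.crt 14 exits non-zero if the key does not belong to the certificate or the certificate expires within 14 days, which makes it usable in a deployment or monitoring job.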
These OpenSSL commands provide various ways to validate SSL certificates and perform different checks. Adjust the commands based on your specific requirements for certificate validation.