Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2463)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6622)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5335)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "verify" - Verify or Validate Certificate
How to verify or validate a certificate using OpenSSL "verify" command? I got a certificate from the Web site server and want to see if it is valid.
✍: FYIcenter.com
If you have a certificate stored in a file, you can try to validate it or verify it with the OpenSSL "verify" command as shown below:
C:\Users\fyicenter>\local\openssl-win32\bin\openssl.exe OpenSSL> verify twitter.pem twitter.pem: /1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware /2.5.4.15=Private Organization/serialNumber=4337446/C=US/postalCode=94107 /ST=California/L=San Francisco/streetAddress=795 Folsom St, Suite 600 /O=Twitter, Inc./OU=Twitter Security/CN=twitter.com error 20 at 0 depth lookup:unable to get local issuer certificate twitter.pem: businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 4337446, street = Suite 900, street = 1355 Market St, postalCode = 94103, C = US, ST = California, L = San Francisco, O = "Twitter, Inc.", OU = Twitter Security, CN = twitter.com error 20 at 0 depth lookup:unable to get local issuer certificate error in verify OpenSSL> x509 -in twitter.pem -noout -issuer issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
The certification validation failed with the error message: "unable to get local issuer certificate". Based on the OpenSSL documentation, the cause of the error is the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.
The output of the "x509 -in twitter.pem -noout -issuer" command tells us that the issuer of the certificate in "twitter.pem" is "DigiCert SHA2 Extended Validation Server CA". We need to find a way to provide the certificate of "DigiCert SHA2 Extended Validation Server CA" to pass the validation.
If you don't have "twitter.pem" certificate file this tutorial, you can create one using "openssl -s_client -connect www.twitter.com:443 > twitter.pem" command.
⇒ OpenSSL "verify -untrusted" - Specify Untrusted Certificate
2012-07-24, 10060🔥, 0💬
Popular Posts:
Certificate summary - Owner: *.sciencedirect.com, LexisNexis, LexisNexis, L=Miamisburg, ST=OHIO, US ...
Certificate Summary: Subject: Entrust Certification Authority - L1M Issuer: Entrust Root Certificati...
Certificate summary - Owner: GeoTrust SSL CA - G3, GeoTrust Inc., US Issuer: GeoTrust Global CA, Geo...
How to rename a keystore entry with Portecle? To rename a keystore entry: Right-click on the keystor...
What is FYIcenter Public/Private Key Decoder and Viewer? FYIcenter Public/Private Key Decoder and Vi...