OpenSSL "verify -CAfile" - Specify Root CA Certificate

Q

How to specify the root CA certificates that close the signing chain for the server certificate for OpenSSl "verify" command? I have downloaded the root CA certificate in a file.

✍: FYIcenter.com

A

If you have the root CA certificate downloaded in a file, you can provide it to the OpenSSL "verify" command using the "-CAfile" option as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> verify -untrusted twitter_chain.pem -CAfile DigiCert.pem twitter.pem

twitter.pem: OK

The result is good. The certificate validation passed. Let's review the "verify" command options and arguments again:

"twitter.pem" argument specifies the server certificate.
"-untrusted twitter_chain.pem" option specifies intermediate CA certificates that used in the signing chain of the server certificate.
"-CAfile VeriSign.pem" option specifies the root CA certificate that signs the last intermediate CA certificate in the chain.

⇒ OpenSSL "genpkey" Command for RSA Keys

⇐ Download Root CA Certificate

⇑ OpenSSL "verify" Command

⇑⇑ OpenSSL Tutorials

2012-07-24, 8438👍, 0💬

OpenSSL "verify -CAfile" - Specify Root CA Certificate
How to specify the root CA certificates that close the signing chain for the server certificate for OpenSSl "verify" command? I have downloaded the root CA certificate in a file. If you have the root CA certificate downloaded in a file, you can provide it to the OpenSSL "verify" command using the "-... 2012-07-24, 8439👍, 0💬

OpenSSL "verify" - Verify or Validate Certificate
How to verify or validate a certificate using OpenSSL "verify" command? I got a certificate from the Web site server and want to see if it is valid. If you have a certificate stored in a file, you can try to validate it or verify it with the OpenSSL "verify" command as shown below: C:\Users\fyicente... 2012-07-24, 8175👍, 0💬

Download Root CA Certificate
How to download the certificate from a root CA? I need to the root CA certificate to close the certification validation chain. If you know the CN (Common Name) of the root CA, for example "DigiCert High Assurance EV Root CA", you can search and download it our certificate database at certificate.fyi... 2012-07-24, 8138👍, 0💬

OpenSSL "verify" Command Options
What can I use OpenSSL "verify" command for? What are options supported by the "verify" command? OpenSSL "verify" command is a utility to verify certificates. Here are options supported by the "verify" command: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL> verify -h usage: ver... 2012-07-24, 5842👍, 0💬

What Is Java Keystore File
What is a Java Keystore file? I heard that it used to provide CA certificates to Java applications. A Java Keystore file is a specially formatted file used to store cryptographic keys and certificates. A Java KeyStore file can be used to store 3 types of entries: 1. PrivateKeyEntry - This type of en... 2012-07-24, 5275👍, 0💬

OpenSSL Verify Operation Steps
How does the OpenSSL verify operation work? What are the steps used by OpenSSL to verify a certificate? The OpenSSL verify operation uses the same functions as the internal SSL and S/MIME verification, therefore this description applies to these verify operations too. There is one crucial difference... 2012-07-24, 4525👍, 0💬

File Name Extensions Used for Certificates
What are file name extensions used for certificates? I see .cer files on my Windows computer. Most commonly used file name extensions for X.509 certificates are: .cer - Used for certificate files in binary DER format. Could also be used for certificate files in text PEM format. .crt - Used for certi... 2012-07-25, 4226👍, 0💬

Example of X.509 Certificate Data Structure
Can you show me an example of X.509 certificate data structure? Here is an example of X.509 Version 3 certificate data structure: Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, O... 2012-07-24, 4139👍, 0💬

Distinguished Names on Certificates
What are distinguished names on certificates? I see "C=US" on in many certificates. Distinguished Names are used in X.509 certificates to identify entities, such as those which are named by the subject and issuer (signer) fields. The X.509 standard defines the following fields for Distinguished Name... 2012-07-25, 3773👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.