OpenSSL "verify -CAfile" - Specify Root CA Certificate

Q

How to specify the root CA certificates that close the signing chain for the server certificate for OpenSSl "verify" command? I have downloaded the root CA certificate in a file.

✍: FYIcenter.com

A

If you have the root CA certificate downloaded in a file, you can provide it to the OpenSSL "verify" command using the "-CAfile" option as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> verify -untrusted twitter_chain.pem -CAfile DigiCert.pem twitter.pem

twitter.pem: OK

The result is good. The certificate validation passed. Let's review the "verify" command options and arguments again:

  • "twitter.pem" argument specifies the server certificate.
  • "-untrusted twitter_chain.pem" option specifies intermediate CA certificates that used in the signing chain of the server certificate.
  • "-CAfile VeriSign.pem" option specifies the root CA certificate that signs the last intermediate CA certificate in the chain.

 

OpenSSL "verify" Command

⇒⇒OpenSSL Tutorials

2012-07-24, 6520👍, 0💬