OpenSSL "verify -CAfile" - Specify Root CA Certificate

Q

How to specify the root CA certificates that close the signing chain for the server certificate for OpenSSl "verify" command? I have downloaded the root CA certificate in a file.

✍: FYIcenter.com

A

If you have the root CA certificate downloaded in a file, you can provide it to the OpenSSL "verify" command using the "-CAfile" option as shown below: 

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> verify -untrusted twitter_chain.pem -CAfile DigiCert.pem twitter.pem

twitter.pem: OK

The result is good. The certificate validation passed. Let's review the "verify" command options and arguments again:

  • "twitter.pem" argument specifies the server certificate.
  • "-untrusted twitter_chain.pem" option specifies intermediate CA certificates that used in the signing chain of the server certificate.
  • "-CAfile VeriSign.pem" option specifies the root CA certificate that signs the last intermediate CA certificate in the chain.

 

OpenSSL "verify" Command

⇒⇒OpenSSL Tutorials

2012-07-24, 7357👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows