OpenSSL "verify -CAfile" - Specify Root CA Certificate

Q

How to specify the root CA certificates that close the signing chain for the server certificate for OpenSSl "verify" command? I have downloaded the root CA certificate in a file.

✍: FYIcenter.com

A

If you have the root CA certificate downloaded in a file, you can provide it to the OpenSSL "verify" command using the "-CAfile" option as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> verify -untrusted twitter_chain.pem -CAfile DigiCert.pem twitter.pem

twitter.pem: OK

The result is good. The certificate validation passed. Let's review the "verify" command options and arguments again:

  • "twitter.pem" argument specifies the server certificate.
  • "-untrusted twitter_chain.pem" option specifies intermediate CA certificates that used in the signing chain of the server certificate.
  • "-CAfile VeriSign.pem" option specifies the root CA certificate that signs the last intermediate CA certificate in the chain.

 

OpenSSL "genpkey" Command for RSA Keys

Download Root CA Certificate

OpenSSL "verify" Command

⇑⇑ OpenSSL Tutorials

2012-07-24, 11979👍, 0💬