A blog for Linux Lovers.

Posted by sibu on February 8, 2012

Verify the Certificates using openssl command

If you need to check the information within a Certificate, CSR or Private Key you can use following cmmans

  • Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

  • Check a private key

openssl rsa -in privateKey.key -check

  • Check a certificate

openssl x509 -in certificate.crt -text -noout

  • Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL

If you are receiving an error that the private doesn’t match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands..

  • Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

  • All the certificates (including Intermediates) should be displayed

openssl s_client -connect

Add A Comment