Saminnet-Search Article Wiki Forum Piwigo SNS Cloud vtiger Sugar
OpenSSL verify

  • Data-Articles
    • Labuanbajo2 (219) Sat09,12:10pm

      Hari pertamaSailingKomodo, kapal kami menuju ke pulau Kanawa. Bukan Kenawa yang di Sumba itu, ya. Karena biasanya sering tertukar. Pulau Kanawa sendiri sebuah pulau kecil yang memiliki dermaga dan sebuah resort. Kalian bisa menginap di resort ini dengan fasilitas antar jemput dari pelabuhan Labuan Bajo-Kanawa. Bisa dilihat paketnya di situs-situs penjualan reservasi hotel. Kami akan mampir untuksn


OpenSSL verify

Before you set up your certificates, it's a good idea to test them to ensure that they are correct and will work together. Here's how you can test the validity of an SSL certificate - also see below for additional checks, especially if your key or certificate is in a different format than .key or .crt:


  • For these examples, assume that certificate.crt is the certificate to be uploaded, certificate.key is the private key for that certificate, and that the certificate chain information is found in certificate-chain.crt.
  • This article assumes you have OpenSSL installed in a place you can test with it.
  • For full details on the OpenSSL flags, see the OpenSSL man page.
  1. Open a command prompt window and cd to the location of your existing certificate, and then verify the certificate chain by using the following command:
    openssl verify -CAfile certificate-chain.crt certificate.crt

    If the response is OK, the check is valid.

  2. Verify that the public keys contained in the private key file and the certificate are the same:
    openssl x509 -in certificate.crt -noout -pubkey
    openssl rsa -in certificate.key -pubout

    The output of these two commands should be exactly the same.

  3. Verify that the private key and public key are a key pair that match:
    openssl rsa -noout -modulus -in certificate.key | openssl md5
    openssl x509 -noout -modulus -in certificate.crt | openssl md5

    The output of these two commands must be exactly the same.

  4. Check the dates that the certificate is valid:
    openssl x509 -noout -in certificate.crt -dates

    Ensure that the current date is between the certificate's start and end dates.

  5. Check the order of your certificates.

    The most common reason for a certificate deployment to fail is that the intermediate/chain certificates are not in the correct order. One method of checking the order via the command is:
    openssl crl2pkcs7 -nocrl -certfile $BUNDLED_CERT | openssl pkcs7 -print_certs -noout

    Your output should look similar to this:

    openssl crl2pkcs7 -nocrl -certfile $BUNDLED_CERT | openssl pkcs7 -print_certs -noout
    subject=/C=US/ST=Massachusetts/L=Boston/O=Acquia Inc/OU=Acquia Hosting/
    issuer=/C=US/O=DigiCert Inc/ SHA2 High Assurance Server CA
    subject=/C=US/O=DigiCert Inc/ SHA2 High Assurance Server CA
    issuer=/C=US/O=DigiCert Inc/ High Assurance EV Root CA
    subject=/C=US/O=DigiCert Inc/ High Assurance EV Root CA
    issuer=/C=US/O=DigiCert Inc/ High Assurance EV Root CA

    These need to conclude with the root certificate or cert most proximate to the root.

Other checks and format conversions

You may have a key or a certificate in a different format than the standard. You can read What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? for more information on different key formats. Here are some checks you can use:

  • Check to see if your Test Key is in PEM format:

    openssl rsa -inform PEM -in /tmp/certificate.key
  • Check to see if your Test Certificate is in PEM format:

    openssl x509 -inform PEM -in /tmp/certificate.crt
  • View the entire contents of the certificate:

    openssl x509 -in certificate.crt -noout -text
  • Check to see if your Test Certificate is in DER format:

    openssl x509 -in certificate.crt -inform DER -text -noout
  • Convert a certificate in crt format to PEM:

    openssl x509 -in certificate.crt -out certificate.pem -outform PEM
  • Convert a DER format to PEM:

    openssl x509 -in certificate.der -inform DER -out certificate.pem -outform PEM


0 #1 Guest 2019-10-03 00:02
Wonderful blog! I found it while browsing on Yahoo News.
Do you have any suggestions on how to get listed in Yahoo News?
I've been trying for a while but I never seem to
get there! Thanks

Feel free to visit my blog Buy

Articles by Date

TweetTweet Share on LinkedInShare on LinkedIn Share on Google+Google+ Submit to RedditReddit Publish on WordPress WordPress Send emailSend email