Verify Certificate


How to verify a certificate and its content with the openssl set of commands.

1. Verify the subject, issuer and expiry date of a certificate

[root@fedora101 CA]# openssl x509 -subject -issuer -enddate -noout -in /tmp/fedora101.crt 
subject= /C=IN/ST=UP/O=Plentree Enterprise Ltd/CN=Amit Vashist/emailAddress=plentree.ca@vashist.com
issuer= /C=IN/ST=UP/L=Meerut/O=Plentree Enterprise Ltd/CN=Amit Vashist/emailAddress=plentree.ca@vashist.com
notAfter=Apr 10 18:15:02 2016 GMT
[root@fedora101 CA]#

2. Verify the full content of a certificate

[root@fedora101 CA]# openssl x509 -in /tmp/fedora101.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=IN, ST=UP, L=Meerut, O=Plentree Enterprise Ltd, CN=Amit Vashist/emailAddress=plentree.ca@vashist.com
        Validity
            Not Before: Apr 11 18:15:02 2015 GMT
            Not After : Apr 10 18:15:02 2016 GMT
        Subject: C=IN, ST=UP, O=Plentree Enterprise Ltd, CN=Amit Vashist/emailAddress=plentree.ca@vashist.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c1:33:64:98:25:a1:72:5c:28:37:97:e1:b8:24:
                    f0:7b:5d:0e:45:d6:93:7d:d6:3f:33:3a:19:97:9b:
                    f3:5e:5c:d1:e2:47:37:e7:4b:35:4e:9f:45:bc:0b:
                    ad:0f:37:21:f1:40:aa:bd:3a:62:4c:ba:66:1b:36:
                    62:da:44:e6:53:25:09:f2:63:69:9a:35:50:f7:a2:
                    5d:68:88:de:5b:89:08:bc:0f:7b:6b:7e:a6:df:ab:
                    e2:0b:4e:97:b8:e3:62:a3:64:44:07:3f:07:1b:8e:
                    f5:bb:21:68:32:db:78:76:a3:f1:84:82:32:97:0a:
                    34:58:22:3c:28:fb:53:a3:d3:aa:e6:c6:34:65:8e:
                    25:2e:5b:f4:b4:b2:87:36:6d:75:3c:e7:bf:fa:0e:
                    db:cd:f1:99:d9:16:1a:3a:f3:3c:35:3d:b0:f7:76:
                    a2:7e:bc:d0:72:b9:0d:49:80:f4:89:be:0a:ff:3e:
                    70:cf:c2:79:be:d5:69:d7:7e:ff:0b:32:f6:d5:9b:
                    ab:b4:bd:44:a2:29:21:8a:d2:d6:0c:5f:45:c5:44:
                    6f:72:f7:17:2e:d5:a8:64:c4:e3:58:a9:70:4f:b8:
                    5d:8e:3f:25:07:0d:01:7a:97:a9:eb:df:ca:08:83:
                    55:b3:af:3b:6a:46:b2:51:70:3b:a2:12:e9:39:02:
                    24:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                D6:6E:9E:60:23:85:D1:ED:21:33:22:59:1C:96:CE:B0:38:5C:37:39
            X509v3 Authority Key Identifier: 
                keyid:2A:FC:86:41:D9:84:9E:9C:B6:6A:0C:19:B1:8C:A8:A4:A1:A4:97:EA

    Signature Algorithm: sha256WithRSAEncryption
         6c:53:ec:27:a6:2e:b7:b0:ec:58:b2:40:71:f7:e7:68:6a:9a:
         d6:58:db:0a:ed:a1:10:15:b9:dd:1e:50:73:c3:8b:4d:bb:7b:
         d6:a9:24:24:29:b5:f2:f0:41:70:f5:8e:77:dd:c0:28:d4:a4:
         a7:4b:67:1d:4b:fc:46:7a:a2:c6:74:2b:85:a2:53:f3:53:3a:
         fb:45:30:ab:9b:7a:dd:66:0e:33:40:a5:3f:95:3a:07:4d:f0:
         ba:58:e5:a7:bf:16:ff:7d:ee:36:c7:00:d6:37:1f:15:ef:a4:
         75:d0:91:f2:27:7a:9d:0c:97:42:65:62:2c:f8:d7:34:e3:83:
         9e:2a:a7:b1:c2:0a:f1:65:37:79:73:ed:77:4e:c7:9d:b0:f3:
         51:f1:d7:39:cf:1c:e9:06:08:43:61:a3:fe:e1:18:4e:7e:00:
         bf:5b:29:22:ef:96:50:1e:d9:4d:d2:0f:41:b8:66:73:5a:0f:
         2e:49:b8:ee:de:b8:51:3c:57:ac:88:8f:6a:30:a5:ba:42:02:
         20:7e:0f:9b:5d:83:d9:66:5d:62:f1:8d:fe:29:c4:fd:4b:da:
         aa:81:a1:ed:8e:27:98:41:c7:14:4b:f7:b6:44:df:d4:7a:68:
         9f:dc:c9:5c:fb:e6:c0:5a:c2:21:bc:4b:bf:6a:6d:78:a3:57:
         c3:1b:8e:fd
[root@fedora101 CA]# ^C

3. Verify that the certificate is valid for server authentication.

[root@fedora101 CA]# openssl verify -purpose sslserver -CAfile certs/ca.crt /tmp/fedora101.crt 
/tmp/fedora101.crt: OK
[root@fedora101 CA]#
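
The checks from steps 1 and 3 can be combined into one scriptable test. The following is an added example, not part of the original post: it builds a throwaway CA and two leaf certificates in a temporary directory, then uses `openssl verify -purpose sslserver` together with `openssl x509 -checkend` to decide whether a certificate is usable for a server. The helper names `build_test_pki` and `check_server_cert`, the subjects and the lifetimes are assumptions made for the example.

```shell
#!/bin/sh
# Added example: every name, subject and lifetime below is a constructed test value.

# build_test_pki DIR (hypothetical helper): create a throwaway CA plus two leaf
# certificates signed by it: server.crt (serverAuth) and client.crt (clientAuth only).
build_test_pki() {
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    for role in server client; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
            -subj "/CN=$role.example.test" -keyout "$d/$role.key" \
            -out "$d/$role.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 10 -extfile "$d/pki.cnf" -extensions "$role" \
            -out "$d/$role.crt" 2>/dev/null || return 1
    done
}

# check_server_cert CAFILE CERT DAYS (hypothetical helper): succeed only if CERT
# chains to CAFILE, is valid for server authentication, and has DAYS of life left.
check_server_cert() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" 2>/dev/null \
        | grep -q ': OK$' || return 1
    openssl x509 -checkend $(( $3 * 86400 )) -noout -in "$2" >/dev/null
}

dir=$(mktemp -d)
build_test_pki "$dir" || { echo "openssl failed" >&2; exit 1; }
check_server_cert "$dir/ca.crt" "$dir/server.crt" 1  && echo "server.crt: usable"
check_server_cert "$dir/ca.crt" "$dir/client.crt" 1  || echo "client.crt: rejected"
check_server_cert "$dir/ca.crt" "$dir/server.crt" 30 || echo "server.crt: expires soon"
```

openssl verify also checks the validity period against the current time, so a certificate past its notAfter date, such as the sample above (Apr 10 2016), no longer returns OK.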

Happy Learning 🙂 🙂

Cheers!!!


About Amit Vashist

Amit Vashist is someone who brings with him a treasure full of experience of over 8 years in open source technologies. When it comes to virtualization he has single-handedly managed end-to-end migration projects in KVM and Xen that involved everything from sizing the systems to P2V of existing physical servers. He understands what can go wrong in the virtualized world and how to take care of it. He also has root level knowledge on Red Hat platforms and has commissioned & provides corporate training over Red Hat HA clusters. Nowadays supporting a telecom giant's billing & support system, gaining experience on JBoss, Splunk, SQL, Nagios, Apache & Fuse, etc.