Linux Security Cookbook [Electronic resources] - text version


Daniel J. Barrett, Robert G. Byrnes, Richard Silverman











Recipe 4.4 Validating an SSL Certificate



4.4.1 Problem


You want to check that an SSL certificate is valid.


4.4.2 Solution


If your system's certificates are kept in a file (as in Red Hat):

$ openssl ... -CAfile file_of_CA_certificates ...

If they are kept in a directory (as in SuSE):

$ openssl ... -CApath directory_of_CA_certificates ...

For example, to check the certificate for the secure IMAP server on mail.server.net against the system trusted certificate list on a Red Hat host:

$ openssl s_client -quiet -CAfile /usr/share/ssl/cert.pem -connect mail.server.net:993

To check the certificate of a secure web site https://www.yoyodyne.com/ from a SuSE host (recall HTTPS runs on port 443):

$ openssl s_client -quiet -CApath /usr/share/ssl/certs -connect www.yoyodyne.com:443

If you happen to have a certificate in a file cert.pem, and you want to validate it, there is a separate verify command:

$ openssl verify -CA... cert.pem

If the certificate is in the binary DER format rather than PEM, convert it to PEM first with openssl x509 -inform der.


4.4.3 Discussion


Red Hat 8.0 comes with a set of certificates for some well-known Internet Certifying Authorities in the file /usr/share/ssl/cert.pem. SuSE 8.0 has a similar collection, but it is instead stored in a directory with a particular structure, a sort of hash table implemented using symbolic links. Under SuSE, the directory /usr/share/ssl/certs contains each certificate in a separate file, together with the links.

If the necessary root certificate is present in the given file, along with any necessary intermediate certificates not provided by the server, then openssl can validate the server certificate.






If a server certificate is invalid or cannot be checked, an SSL connection will not fail. openssl will simply print a warning and continue connecting.
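Because s_client only warns and keeps going, a script has to read the verification result out of its output. The filter below is an added example, not code from the book: check_verify and the sample_* functions are hypothetical names, and the transcripts are constructed, using the "verify error:num=" and "Verify return code:" lines that s_client prints.

```sh
#!/bin/sh
# Added example. Reads `openssl s_client` output (stdout+stderr) on stdin.
# Exit status: 0 = chain verified, 1 = verification failed, 2 = no result seen.
check_verify() {
    awk '
        # Without -quiet, the session summary carries the final result.
        /Verify return code:/ {
            seen = 1
            sub(/^.*Verify return code: */, "")
            if ($1 != 0) { bad = 1; print "FAIL: verify return code " $0 }
            next
        }
        # With -quiet, only the per-certificate callback lines are printed.
        /^verify error:num=/ { seen = 1; bad = 1; print "FAIL: " $0; next }
        /^verify return:/    { seen = 1 }
        END {
            if (bad) exit 1
            if (!seen) { print "UNKNOWN: no verification result in input"; exit 2 }
        }'
}

# Constructed transcripts (not captured from a real server).
sample_ok() {
    cat <<'EOF'
depth=1 O = Example CA (constructed)
verify return:1
depth=0 CN = mail.server.net
verify return:1
* OK IMAP4 ready
EOF
}
sample_untrusted() {
    cat <<'EOF'
depth=0 CN = mail.server.net
verify error:num=20:unable to get local issuer certificate
verify return:1
* OK IMAP4 ready
EOF
}
sample_summary() {
    echo '    Verify return code: 21 (unable to verify the first certificate)'
}

# Live use (needs network):
#   openssl s_client -CAfile /usr/share/ssl/cert.pem \
#       -connect mail.server.net:993 </dev/null 2>&1 | check_verify
sample_ok | check_verify && echo "sample_ok: verified"
sample_untrusted | check_verify || echo "sample_untrusted: rejected (status $?)"
```

In sample_untrusted the server greeting still arrives after the verify error, which is the warn-and-continue behaviour described above; only the exit status of check_verify makes the failure visible to a script.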


4.4.4 See Also


openssl(1).
