The following openssl commands are handy for verifying/inspecting/converting keys/certificates and inspecting CRLs:
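# Check a private key (RSA consistency check).
# NOTE: -text prints the private exponent and primes to the terminal; drop
# -text when only the "RSA key ok" result is needed, and keep the output out
# of logs and shared scrollback.
openssl rsa -in /etc/apache2/ssl/server.key -check -noout -text
# Verify this cert against this CA list.
# This checks the chain and the sslserver purpose only: it does not match a
# hostname and does not consult CRLs unless -crl_check is given. Intermediate
# CA certs that are not in the CA file are supplied with -untrusted.
openssl verify -verbose -purpose sslserver -CAfile /etc/ssl/cacert.pem /etc/apache2/ssl/server.pem
# Display cert details (subject, issuer, validity dates, extensions)
openssl x509 -in /var/cert.pem -text -noout
# What purposes does this cert have?
# -noout keeps the PEM block from being echoed after the purpose list.
openssl x509 -in mycert.pem -purpose -noout
# Connect to a server and show the certs it sends.
# s_client completes the handshake even when chain verification fails, so read
# the "Verify return code" line rather than treating a connection as proof of
# trust (-verify_return_error makes a failure fatal). -debug hex-dumps all
# traffic; omit it when only the certificates are of interest.
openssl s_client -debug -connect localhost:443 -showcerts
# Inspect a CRL.
# This only prints the CRL; add -CAfile with the issuing CA to have the
# signature verified, and check "Next Update" to spot a stale list.
openssl crl -inform DER -in blah.crl -text -noout
# Convert DER to PEM. The extension (.crt .cer .cert .der) does not say which
# encoding a file uses; PEM files start with "-----BEGIN".
openssl x509 -inform der -in cert.cer -out cert.pem
# Inspect DER without converting
openssl x509 -inform der -in cert.cer -noout -text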