How To Verify Certificate Chain with OpenSSL?


X509 certificates provides the authenticity of provided certificates in a chained manner. Internet world generally uses certificate chains to create and use some flexibility for trust. But this may create some complexity for the system, network administrators and security guys. In this tutorial we will look how to verify a certificate chain.

X509 Certificate

X509 certificates are very popular on the internet. They are used to verify trust between entities. Certificates Authorities generally chains X509 Certificates together. X509 Certificate provides information like , URL, Organization, Signature etc.

Verify Certificate Chain

Say we have 3 certicate chain. We want to verify them orderly. We can use -partial_chain option. with the following steps.

  • c1 is the leaf certificate
  • c2 is middle certificate
  • c3 is the root certificate

Verify c1

We will verify c1 by using c2 certificate

Verify c2

We will verify c2 using c3 certificate

Verify c3

We will verify c3 using Google.pem certificate.In this step we do not need -partial_chain because Google.pem is self signed certificate which means root certificate.

LEARN MORE  How To Convert DER To PEM and PEM to DER Certificate Format with OpenSSL?

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)