[openssl-users] openssl -check

Jakob Bohm jb-openssl at wisemo.com
Thu Sep 7 09:45:16 UTC 2017


On 07/09/2017 07:58, "Georg Höllrigl" wrote:
> *Gesendet:* Mittwoch, 06. September 2017 um 18:06 Uhr
> *Von:* "Jakob Bohm" <jb-openssl at wisemo.com>
> *An:* openssl-users at openssl.org
> *Betreff:* Re: [openssl-users] openssl -check
> On 06/09/2017 16:18, "Georg Höllrigl" wrote:
> > Hello,
> > Is there a way to verifiy a cert?
> > I'm thinking about some equivalent to
> > openssl rsa -noout -in example.key -check
> > but for the public part.
> > I found some broken certifiate (lines in the PEM encoding got swapped)
> > openssl x509 -in broken.cer but see no way to verify...
> > compareing with the original cert shows different thumbprint... but
> > shouldn't there be some kind of checksum to verify?
> The signature on a certificate is a very strong checksum.
>
> For certificates that are not self-signed, openssl x509 -verify should
> do it.
> Agreed. That would be exactly what I had in mind - but it's not working.
> -verify only exists for "openssl req" to check a CSR?
> I've created an example broken certificate from google:
>
Sorry, I got the syntax wrong.

It's simply openssl verify

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list