[openssl-users] How to prove a Certificate is Signed or not

morthalan morthalaanilreddy at gmail.com
Thu May 3 08:23:19 UTC 2018


No, technically not. I am just searching for a simple method just to check a
certificate is signed by CA or not. 
Because. Something like signing check, I am not quite sure, I do not have
proper knowledge on Openssl.


d3x0r wrote
> https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
> this routine does cert validation but I don't thkn that's what you want
> 
> this verified on a connection....
> https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
> 
> which boils down to....
> SSL_get_peer_certificate ,  SSL_get_verify_result
> 
> On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy <

> morthalaanilreddy@

>> wrote:
> 
>> Hi everyone,
>>
>> I am new to opennssl and now I am completely confused. Please help me out
>> to solve my issue.
>>
>> I have implemented a code to sign the given CSR certificate
>> (certReq.pem),
>> then generate openssl signed Certificate (SignedCertificate.pem) using
>> the
>> details of certReq,pem. The code is like self signing, but I have added
>> new
>> functions to enter additional issuer details. Now I have two private keys
>> one from CA, another from CSR, one CSR (certReq.pem) and Signed
>> Certificate
>> (SignedCertificate.pem). In SignedCertificate.pem, the subject details
>> and
>> the issuer details are different. There is no problem with codes.
>>
>> The issue is:
>> I am unable to find out the exact command lines or c/c++ program
>> functions
>> to prove the SignedCertificate.pem is signed or not. I have spent more
>> than
>> one day on researching, but I am end up with confusion. I do not have any
>> digital certificate chain.
>>
>>
>> Could anyone kindly provide any information regarding this.
>>
>> Thanks in advance,
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


d3x0r wrote
> https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
> this routine does cert validation but I don't thkn that's what you want
> 
> this verified on a connection....
> https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
> 
> which boils down to....
> SSL_get_peer_certificate ,  SSL_get_verify_result
> 
> On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy <

> morthalaanilreddy@

>> wrote:
> 
>> Hi everyone,
>>
>> I am new to opennssl and now I am completely confused. Please help me out
>> to solve my issue.
>>
>> I have implemented a code to sign the given CSR certificate
>> (certReq.pem),
>> then generate openssl signed Certificate (SignedCertificate.pem) using
>> the
>> details of certReq,pem. The code is like self signing, but I have added
>> new
>> functions to enter additional issuer details. Now I have two private keys
>> one from CA, another from CSR, one CSR (certReq.pem) and Signed
>> Certificate
>> (SignedCertificate.pem). In SignedCertificate.pem, the subject details
>> and
>> the issuer details are different. There is no problem with codes.
>>
>> The issue is:
>> I am unable to find out the exact command lines or c/c++ program
>> functions
>> to prove the SignedCertificate.pem is signed or not. I have spent more
>> than
>> one day on researching, but I am end up with confusion. I do not have any
>> digital certificate chain.
>>
>>
>> Could anyone kindly provide any information regarding this.
>>
>> Thanks in advance,
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


d3x0r wrote
> https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
> this routine does cert validation but I don't thkn that's what you want
> 
> this verified on a connection....
> https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
> 
> which boils down to....
> SSL_get_peer_certificate ,  SSL_get_verify_result
> 
> On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy <

> morthalaanilreddy@

>> wrote:
> 
>> Hi everyone,
>>
>> I am new to opennssl and now I am completely confused. Please help me out
>> to solve my issue.
>>
>> I have implemented a code to sign the given CSR certificate
>> (certReq.pem),
>> then generate openssl signed Certificate (SignedCertificate.pem) using
>> the
>> details of certReq,pem. The code is like self signing, but I have added
>> new
>> functions to enter additional issuer details. Now I have two private keys
>> one from CA, another from CSR, one CSR (certReq.pem) and Signed
>> Certificate
>> (SignedCertificate.pem). In SignedCertificate.pem, the subject details
>> and
>> the issuer details are different. There is no problem with codes.
>>
>> The issue is:
>> I am unable to find out the exact command lines or c/c++ program
>> functions
>> to prove the SignedCertificate.pem is signed or not. I have spent more
>> than
>> one day on researching, but I am end up with confusion. I do not have any
>> digital certificate chain.
>>
>>
>> Could anyone kindly provide any information regarding this.
>>
>> Thanks in advance,
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users





--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


More information about the openssl-users mailing list