[openssl-users] How to prove a Certificate is Signed or not

Richard Levitte levitte at openssl.org
Thu May 3 09:24:48 UTC 2018


openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem

Hope that helped

Cheers,
Richard

In message <1525335799770-0.post at n7.nabble.com> on Thu, 3 May 2018 01:23:19 -0700 (MST), morthalan <morthalaanilreddy at gmail.com> said:

morthalaanilreddy> No, technically not. I am just searching for a simple method just to check a
morthalaanilreddy> certificate is signed by CA or not. 
morthalaanilreddy> Because. Something like signing check, I am not quite sure, I do not have
morthalaanilreddy> proper knowledge on Openssl.
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> d3x0r wrote
morthalaanilreddy> > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
morthalaanilreddy> > this routine does cert validation but I don't thkn that's what you want
morthalaanilreddy> > 
morthalaanilreddy> > this verified on a connection....
morthalaanilreddy> > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
morthalaanilreddy> > 
morthalaanilreddy> > which boils down to....
morthalaanilreddy> > SSL_get_peer_certificate ,  SSL_get_verify_result
morthalaanilreddy> > 
morthalaanilreddy> > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy <
morthalaanilreddy> 
morthalaanilreddy> > morthalaanilreddy@
morthalaanilreddy> 
morthalaanilreddy> >> wrote:
morthalaanilreddy> > 
morthalaanilreddy> >> Hi everyone,
morthalaanilreddy> >>
morthalaanilreddy> >> I am new to opennssl and now I am completely confused. Please help me out
morthalaanilreddy> >> to solve my issue.
morthalaanilreddy> >>
morthalaanilreddy> >> I have implemented a code to sign the given CSR certificate
morthalaanilreddy> >> (certReq.pem),
morthalaanilreddy> >> then generate openssl signed Certificate (SignedCertificate.pem) using
morthalaanilreddy> >> the
morthalaanilreddy> >> details of certReq,pem. The code is like self signing, but I have added
morthalaanilreddy> >> new
morthalaanilreddy> >> functions to enter additional issuer details. Now I have two private keys
morthalaanilreddy> >> one from CA, another from CSR, one CSR (certReq.pem) and Signed
morthalaanilreddy> >> Certificate
morthalaanilreddy> >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details
morthalaanilreddy> >> and
morthalaanilreddy> >> the issuer details are different. There is no problem with codes.
morthalaanilreddy> >>
morthalaanilreddy> >> The issue is:
morthalaanilreddy> >> I am unable to find out the exact command lines or c/c++ program
morthalaanilreddy> >> functions
morthalaanilreddy> >> to prove the SignedCertificate.pem is signed or not. I have spent more
morthalaanilreddy> >> than
morthalaanilreddy> >> one day on researching, but I am end up with confusion. I do not have any
morthalaanilreddy> >> digital certificate chain.
morthalaanilreddy> >>
morthalaanilreddy> >>
morthalaanilreddy> >> Could anyone kindly provide any information regarding this.
morthalaanilreddy> >>
morthalaanilreddy> >> Thanks in advance,
morthalaanilreddy> >>
morthalaanilreddy> >> --
morthalaanilreddy> >> openssl-users mailing list
morthalaanilreddy> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
morthalaanilreddy> >>
morthalaanilreddy> >>
morthalaanilreddy> > 
morthalaanilreddy> > -- 
morthalaanilreddy> > openssl-users mailing list
morthalaanilreddy> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> d3x0r wrote
morthalaanilreddy> > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
morthalaanilreddy> > this routine does cert validation but I don't thkn that's what you want
morthalaanilreddy> > 
morthalaanilreddy> > this verified on a connection....
morthalaanilreddy> > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
morthalaanilreddy> > 
morthalaanilreddy> > which boils down to....
morthalaanilreddy> > SSL_get_peer_certificate ,  SSL_get_verify_result
morthalaanilreddy> > 
morthalaanilreddy> > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy <
morthalaanilreddy> 
morthalaanilreddy> > morthalaanilreddy@
morthalaanilreddy> 
morthalaanilreddy> >> wrote:
morthalaanilreddy> > 
morthalaanilreddy> >> Hi everyone,
morthalaanilreddy> >>
morthalaanilreddy> >> I am new to opennssl and now I am completely confused. Please help me out
morthalaanilreddy> >> to solve my issue.
morthalaanilreddy> >>
morthalaanilreddy> >> I have implemented a code to sign the given CSR certificate
morthalaanilreddy> >> (certReq.pem),
morthalaanilreddy> >> then generate openssl signed Certificate (SignedCertificate.pem) using
morthalaanilreddy> >> the
morthalaanilreddy> >> details of certReq,pem. The code is like self signing, but I have added
morthalaanilreddy> >> new
morthalaanilreddy> >> functions to enter additional issuer details. Now I have two private keys
morthalaanilreddy> >> one from CA, another from CSR, one CSR (certReq.pem) and Signed
morthalaanilreddy> >> Certificate
morthalaanilreddy> >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details
morthalaanilreddy> >> and
morthalaanilreddy> >> the issuer details are different. There is no problem with codes.
morthalaanilreddy> >>
morthalaanilreddy> >> The issue is:
morthalaanilreddy> >> I am unable to find out the exact command lines or c/c++ program
morthalaanilreddy> >> functions
morthalaanilreddy> >> to prove the SignedCertificate.pem is signed or not. I have spent more
morthalaanilreddy> >> than
morthalaanilreddy> >> one day on researching, but I am end up with confusion. I do not have any
morthalaanilreddy> >> digital certificate chain.
morthalaanilreddy> >>
morthalaanilreddy> >>
morthalaanilreddy> >> Could anyone kindly provide any information regarding this.
morthalaanilreddy> >>
morthalaanilreddy> >> Thanks in advance,
morthalaanilreddy> >>
morthalaanilreddy> >> --
morthalaanilreddy> >> openssl-users mailing list
morthalaanilreddy> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
morthalaanilreddy> >>
morthalaanilreddy> >>
morthalaanilreddy> > 
morthalaanilreddy> > -- 
morthalaanilreddy> > openssl-users mailing list
morthalaanilreddy> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> d3x0r wrote
morthalaanilreddy> > https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
morthalaanilreddy> > this routine does cert validation but I don't thkn that's what you want
morthalaanilreddy> > 
morthalaanilreddy> > this verified on a connection....
morthalaanilreddy> > https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
morthalaanilreddy> > 
morthalaanilreddy> > which boils down to....
morthalaanilreddy> > SSL_get_peer_certificate ,  SSL_get_verify_result
morthalaanilreddy> > 
morthalaanilreddy> > On Thu, May 3, 2018 at 12:06 AM, Anil kumar Reddy <
morthalaanilreddy> 
morthalaanilreddy> > morthalaanilreddy@
morthalaanilreddy> 
morthalaanilreddy> >> wrote:
morthalaanilreddy> > 
morthalaanilreddy> >> Hi everyone,
morthalaanilreddy> >>
morthalaanilreddy> >> I am new to opennssl and now I am completely confused. Please help me out
morthalaanilreddy> >> to solve my issue.
morthalaanilreddy> >>
morthalaanilreddy> >> I have implemented a code to sign the given CSR certificate
morthalaanilreddy> >> (certReq.pem),
morthalaanilreddy> >> then generate openssl signed Certificate (SignedCertificate.pem) using
morthalaanilreddy> >> the
morthalaanilreddy> >> details of certReq,pem. The code is like self signing, but I have added
morthalaanilreddy> >> new
morthalaanilreddy> >> functions to enter additional issuer details. Now I have two private keys
morthalaanilreddy> >> one from CA, another from CSR, one CSR (certReq.pem) and Signed
morthalaanilreddy> >> Certificate
morthalaanilreddy> >> (SignedCertificate.pem). In SignedCertificate.pem, the subject details
morthalaanilreddy> >> and
morthalaanilreddy> >> the issuer details are different. There is no problem with codes.
morthalaanilreddy> >>
morthalaanilreddy> >> The issue is:
morthalaanilreddy> >> I am unable to find out the exact command lines or c/c++ program
morthalaanilreddy> >> functions
morthalaanilreddy> >> to prove the SignedCertificate.pem is signed or not. I have spent more
morthalaanilreddy> >> than
morthalaanilreddy> >> one day on researching, but I am end up with confusion. I do not have any
morthalaanilreddy> >> digital certificate chain.
morthalaanilreddy> >>
morthalaanilreddy> >>
morthalaanilreddy> >> Could anyone kindly provide any information regarding this.
morthalaanilreddy> >>
morthalaanilreddy> >> Thanks in advance,
morthalaanilreddy> >>
morthalaanilreddy> >> --
morthalaanilreddy> >> openssl-users mailing list
morthalaanilreddy> >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
morthalaanilreddy> >>
morthalaanilreddy> >>
morthalaanilreddy> > 
morthalaanilreddy> > -- 
morthalaanilreddy> > openssl-users mailing list
morthalaanilreddy> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> 
morthalaanilreddy> --
morthalaanilreddy> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
morthalaanilreddy> 


More information about the openssl-users mailing list