[openssl-users] openssl -check

Jakob Bohm jb-openssl at wisemo.com
Wed Sep 6 16:06:51 UTC 2017

On 06/09/2017 16:18, "Georg Höllrigl" wrote:
> Hello,
> Is there a way to verifiy a cert?
> I'm thinking about some equivalent to
> openssl rsa -noout -in example.key -check
> but for the public part.
> I found some broken certifiate (lines in the PEM encoding got swapped)
> openssl x509 -in broken.cer but see no way to verify...
> compareing with the original cert shows different thumbprint... but 
> shouldn't there be some kind of checksum to verify?
The signature on a certificate is a very strong checksum.

For certificates that are not self-signed, openssl x509 -verify should
do it.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list