MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Sun, Oct 13, 2013 10:10 pm

Verifying an SSL Certificate

If you have an SSL certificate on a Linux or Unix system, you can check it using the openssl command with openssl verify /path_to_certificate/certificate, e.g., as below:
# openssl verify /etc/ssl/certs/example.crt
/etc/ssl/certs/example.crt: /C=US/
error 18 at 0 depth lookup:self signed certificate

In the case above, the country specified with the domain is the United States as shown by /C=US and the common name specified for the domain when the certificate was created and for which the certificate should be valid is as shown by /

The certificate is self-signed, which results in the error 18 message.

The dates for which the certificate is valid can be specified with openssl x509 -in /path_to_certificate/certificate -text | grep Not as shown below:

# openssl x509 -in /etc/ssl/certs/example.crt -text | grep Not
            Not Before: Oct 11 21:06:30 2013 GMT
            Not After : Oct 11 21:06:30 2014 GMT

In the case above, the certificate is valid from October 11, 2013 through October 11, 2014. After October 11, 2014, anyone visiting the website for which the certificate was used for HTTPS connections will be warned by his/her browser that there is a problem with the certificate because it will have expired.

X.509 specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.


  1. OpenSSL: The Open Source toolkit for SSL/TLS
  2. Troubleshooting with openssl
    Date: February 11, 2010
    MoonPoint Support

[/security/encryption/openssl] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo