If you have an SSL certificate on a Linux or Unix system, you can check it using the openssl command with openssl verify /path_to_certificate/certificate, e.g., as below:
# openssl verify /etc/ssl/certs/example.crt
/etc/ssl/certs/example.crt: /C=US/CN=example.com
error 18 at 0 depth lookup:self signed certificate
OK
In the case above, the country specified with the domain is the United States, as shown by /C=US, and the common name specified for the domain when the certificate was created, and for which the certificate should be valid, is example.com, as shown by /CN=example.com.
The certificate is self-signed, which results in the error 18 message.
The dates for which the certificate is valid can be displayed with openssl x509 -in /path_to_certificate/certificate -text | grep Not, as shown below:
# openssl x509 -in /etc/ssl/certs/example.crt -text | grep Not
            Not Before: Oct 11 21:06:30 2013 GMT
            Not After : Oct 11 21:06:30 2014 GMT
In the case above, the certificate is valid from October 11, 2013 through October 11, 2014. After October 11, 2014, anyone visiting a website that uses the certificate for HTTPS connections will be warned by his/her browser that there is a problem with the certificate, because it will have expired.
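As an added example (not part of the original article), the Python code below parses the text that openssl x509 -text prints and reports whether the certificate is not yet valid, expired, close to expiry, or has an identical issuer and subject, as a self-signed certificate does. The sample text is constructed from the example above; the function names and the 30-day warning threshold are assumptions.

```python
import re
import subprocess
from datetime import datetime, timedelta, timezone

# Constructed sample: the fields `openssl x509 -text` prints, filled in with
# the subject and dates of the example certificate discussed above.
SAMPLE_TEXT = """\
        Issuer: C=US, CN=example.com
        Validity
            Not Before: Oct 11 21:06:30 2013 GMT
            Not After : Oct 11 21:06:30 2014 GMT
        Subject: C=US, CN=example.com
"""
PATTERNS = {"issuer": r"^\s*Issuer:\s*(.+)$", "subject": r"^\s*Subject:\s*(.+)$",
            "not_before": r"Not Before\s*:\s*(.+)$", "not_after": r"Not After\s*:\s*(.+)$"}

def read_cert_text(path):
    """Run the same openssl x509 command as above and return its text output."""
    return subprocess.run(["openssl", "x509", "-in", path, "-noout", "-text"],
                          capture_output=True, text=True, check=True).stdout

def parse_cert_text(text):
    """Extract issuer, subject and the validity window from the text output."""
    fields = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"field not found: {key}")
        fields[key] = " ".join(match.group(1).split())  # collapse padding
    for key in ("not_before", "not_after"):
        parsed = datetime.strptime(fields[key], "%b %d %H:%M:%S %Y GMT")
        fields[key] = parsed.replace(tzinfo=timezone.utc)
    return fields

def assess(fields, now, warn_days=30):
    """Return findings for the certificate as of `now` (timezone-aware UTC)."""
    findings = []
    remaining = fields["not_after"] - now
    if now < fields["not_before"]:
        findings.append("not yet valid")
    if remaining < timedelta(0):
        findings.append("expired")
    elif remaining <= timedelta(days=warn_days):
        findings.append(f"expires in {remaining.days} days")
    # Heuristic only: identical issuer and subject is what a self-signed
    # certificate looks like in this output; it does not check the signature.
    if fields["issuer"] == fields["subject"]:
        findings.append("issuer equals subject (likely self-signed)")
    return findings

if __name__ == "__main__":
    print(assess(parse_cert_text(SAMPLE_TEXT), datetime.now(timezone.utc)))
```

For a certificate on disk, pass the result of read_cert_text("/path_to_certificate/certificate") to parse_cert_text in place of SAMPLE_TEXT.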
X.509 specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.