How to verify SSL certificates on the command line?

To validate an SSL certificate you can use one of the following approaches, depending on the type of the certificate.

PEM format certificate

If you want to validate the PEM format certificate, run the following command:

Copied!

openssl verify cert.pem

CA bundle

If your CA bundle is a file containing additional intermediate certificates in the PEM format, you can use the following command:

Copied!

openssl verify -untrusted ca-bundle cert.pem

If your openssl isn't set up to automatically use an installed set of root certificates (e.g. in /etc/ssl/certs), you can use CApath or CAfile to specify the CA.

We call when your
website goes down

Get notified with a radically better infrastructure monitoring platform.

Got an article suggestion? Let us know

Explore more

SSL certificate

How to generate a private key for the existing .crt file on Nginx?

Unfortunately, this is not possible. You cannot generate a private key out of an existing certificate. If it would be possible, you would be able to impersonate virtually any HTTPS webserver.

Questions

Solved: SSL_Error_rx_record_too_long

The usual cause is that the implementation of SSL on your server is not correct. The error is usually caused by a server-side problem which the server administrator will need to investigate.

Questions

Solved: Unable to configure RSA server private key

This problem may occur if the private key and certificate do not match.

Questions

Where to keep SSL certificates and private keys on Ubuntu and Debian?

To list all available CA SSL certificates run the following lines of code:

Questions

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.