Commercial SSL Certificate Chain Checks
SSL Certificate chain checks
- Once we got certificate from the client, if multiple .crt files.. combine them into a single certificate and if its single certificate just keep as it is
- then we can check the certificate content with following command
openssl x509 -in certificate.crt -text -noout
- then depending on certificate authority we need to downlaod and add intermediate certificates
- downloaded intermediate certificates should be valid more than year, as of our generated certificate
- to combine our generated certificate and intermediate_bundle certificate into a single cerrtificate use below command (with appropriate names)
cat generated.crt intermediate_bundle.crt > resulting.crt
- Once its ready we can check details of certificate with below command (with resulting certificate name)
cat apoyar_2024.crt | awk -v cmd="openssl x509 -subject -issuer -noout" '/-----BEGIN/ { c = $0; next } c { c = c "\n" $0 } /-----END/ { print c|cmd; close(cmd); c = 0 }'
- Then, once we apply it on website, we can check the chain of certificate authorities at below site weather its broken or not.