Commercial SSL Certificate Chain Checks

From Apoyar Wiki
Revision as of 12:28, 29 June 2023 by Admin (talk | contribs) (Created page with "SSL Certificate chain checks ---------------------------- - Once we got certificate from the client, if multiple .crt files.. combine them into a single certificate and if its single certificate just keep as it is - then we can check the certificate content with following command openssl x509 -in certificate.crt -text -noout - then depending on certificate authority we need to downlaod and add intermediate certificates - downloaded intermediate certificates should...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

SSL Certificate chain checks

- Once we got certificate from the client, if multiple .crt files.. combine them into a single certificate and if its single certificate just keep as it is


- then we can check the certificate content with following command

openssl x509 -in certificate.crt -text -noout


- then depending on certificate authority we need to downlaod and add intermediate certificates - downloaded intermediate certificates should be valid more than year, as of our generated certificate


- to combine our generated certificate and intermediate_bundle certificate into a single cerrtificate use below command (with appropriate names)

cat generated.crt intermediate_bundle.crt > resulting.crt


- Once its ready we can check details of certificate with below command (with resulting certificate name)

cat apoyar_2024.crt | awk -v cmd="openssl x509 -subject -issuer -noout" '/-----BEGIN/ { c = $0; next } c { c = c "\n" $0 } /-----END/ { print c|cmd; close(cmd); c = 0 }'


- Then, once we apply it on website, we can check the chain of certificate authorities at below site weather its broken or not.

https://www.sslshopper.com/ssl-checker.html

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Commercial_SSL_Certificate_Chain_Checks&oldid=272