beer9
How does ca.crt.pem work?
I maintain an application that allows two-way SSL communication for authentication and encryption. I see my application uses a public key and a private key and keeps a file ca.crt.pem in its conf directory. It is the public key of the CA which signs my application's private key.
Now my question is: what is the use of ca.crt.pem here? Does my application provide its own public key and ca.crt.pem to the client in order to verify the application's certificate?
Hi beer9
The openssl command to interrogate keys/certificates varies depending on the type.
To verify your CA (in your case cacert.pem by the sound of it) use the following:
openssl x509 -in cacert.pem -text -noout
and look for the line near the top of the output which begins "Data:" - this will tell you everything about the ca cert such as the issuer, the validity period and serial number.
To check a private key:
openssl rsa -in privateKey.key -check
In general, to check a certificate:
openssl x509 -in certificate.crt -text -noout
You can also use the openssl command to check the validity of a certificate on a remote host like so:
openssl s_client -connect www.hsbc.co.uk:443
which will display the certificate info for HSBC UK's web server. You can also use openssl to convert between different types of certificate should you have applications which require that.
Anything else I can help with?
ASKER
Thank you! :-)
ASKER
I would like to know: if I have the CA's cert and my own cert (public key) which was signed by the CA, then how can I verify whether the CA has signed my public key (cert)? If I use the openssl command below, then which information would be required to confirm it? Signature? Thanks!
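An added example, not part of the original thread or any poster's code: checking that a certificate was signed by a given CA with `openssl verify -CAfile`, and that a private key belongs to a certificate by comparing public keys. The function names, file names and subjects are constructed for the demo; the throwaway CA and certificates are generated locally so the checks run offline.

```shell
#!/bin/sh
# Added example: function names, file names and subjects are constructed.

# Return 0 if CERT verifies against (was signed by) the CA in CAFILE.
signed_by_ca() {  # usage: signed_by_ca CAFILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Return 0 if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Build a throwaway CA, an application cert it signs, and an unrelated CA.
make_demo_pki() {  # usage: make_demo_pki DIR
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$d/other.key" -out "$d/other.crt.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app.example.test" \
        -keyout "$d/app.key" -out "$d/app.csr" 2>/dev/null
    openssl x509 -req -in "$d/app.csr" -CA "$d/ca.crt.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/app.crt.pem" 2>/dev/null
}

DEMO=$(mktemp -d)
make_demo_pki "$DEMO"

# The signature on app.crt.pem is checked with the CA's public key.
signed_by_ca "$DEMO/ca.crt.pem" "$DEMO/app.crt.pem" && echo "signed by Demo CA"
# A different CA's public key cannot validate that signature.
signed_by_ca "$DEMO/other.crt.pem" "$DEMO/app.crt.pem" || echo "not signed by Other CA"
# The application's private key corresponds to the key in its certificate.
key_matches_cert "$DEMO/app.key" "$DEMO/app.crt.pem" && echo "key matches cert"

rm -rf "$DEMO"
```

The issuer and subject can also be compared by eye with `openssl x509 -in <file> -noout -issuer -subject`, but only the signature check performed by `openssl verify` proves that the CA signed the certificate.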