Menu
I have a SSL certificate. I want to check if the certificate is intact or corrupted. Are there any tool to check this?
Problem is we are unable to get this certificate working in Websphere 8.0 and I was thinking if this cert file could be corrupted.
644
Yes, you can check a certificate with openssl (available for windows and *nix).
openssl x509 -in certificate.crt -text -noout
Reference
Update
To be more precise, you can compare the modulus and public exponent of the key and certificate respectively to guarantee that certificate matches the key and that the certificate has not been corrupted.
openssl rsa -noout -modulus -in server.key.pem | openssl sha1;\
openssl x509 -noout -modulus -in server.crt | openssl sha1
Valid output would look like
7298b69426656f7a8ab3ef9686bc0a79588850e7
7298b69426656f7a8ab3ef9686bc0a79588850e7
After hand modifying the cert the output would be.
7298b69426656f7a8ab3ef9686bc0a79588850e7
bd439a18d2d3689470e209dbd45b85a41db7230c
The command
openssl x509 -in certificate.crt -text -noout
is used for verifying certificate chains but not checking for corruption. A hand modified certificate could return valid looking output but a problem with the RSA Public Key: (4096 bit) Modulus (4096 bit): part would only be detectable with the above check.
Another Reference
160
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
