 

How to check if an SSL certificate is corrupt or not?

I have an SSL certificate. I want to check if the certificate is intact or corrupted. Is there any tool to check this?

Problem is we are unable to get this certificate working in WebSphere 8.0 and I was thinking if this cert file could be corrupted.

KK99 asked Jul 30 '12 05:07


1 Answer

Yes, you can check a certificate with openssl (available for Windows and *nix).

openssl x509 -in certificate.crt -text -noout

Reference

Update

To be more precise, you can compare the modulus and public exponent of the key and certificate respectively to guarantee that the certificate matches the key and that the certificate has not been corrupted.

openssl rsa -noout -modulus -in server.key.pem | openssl sha1;\
openssl x509 -noout -modulus -in server.crt | openssl sha1

Valid output would look like:

7298b69426656f7a8ab3ef9686bc0a79588850e7
7298b69426656f7a8ab3ef9686bc0a79588850e7

After hand-modifying the cert, the output would be:

7298b69426656f7a8ab3ef9686bc0a79588850e7
bd439a18d2d3689470e209dbd45b85a41db7230c

The command

openssl x509 -in certificate.crt -text -noout

is used for verifying certificate chains but not checking for corruption. A hand-modified certificate could return valid-looking output, but a problem with the RSA Public Key: (4096 bit) Modulus (4096 bit): part would only be detectable with the above check.

Another Reference

Gerard Sexton answered Sep 20 '22 10:09
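
Added example, not part of the answer above: a shell function that first confirms the certificate parses at all, then compares the public key inside the certificate with the one derived from the private key, which extends the modulus comparison to non-RSA keys. The helper names `check_pair` and `make_samples` and all file names are assumptions for illustration; `make_samples` only builds constructed throwaway test data.

```sh
#!/bin/sh
# Added example (not from the answer above). Helper and file names are hypothetical.

# usage: check_pair server.crt server.key.pem
# Prints "unparsable", "mismatch" or "ok" and returns 1, 2 or 0.
check_pair() {
    # 1. A truncated or mangled file fails to parse as X.509 at all.
    openssl x509 -in "$1" -noout 2>/dev/null || { echo unparsable; return 1; }

    # 2. Take the public key from the certificate and derive the public key
    #    from the private key. Both are emitted as the same PEM
    #    SubjectPublicKeyInfo when they belong together (RSA or EC alike).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)

    # An unreadable key yields an empty string and is reported as a mismatch.
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo mismatch
        return 2
    fi
    echo ok
}

# usage: make_samples DIR
# Constructed sample data: a matching pair, an unrelated key, a truncated cert.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/good.key" -out "$1/good.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null    # unrelated key
    head -c 300 "$1/good.crt" > "$1/truncated.crt"         # simulated corruption
}
```

A passing `check_pair` says the file is well-formed and belongs to the key; it does not validate the issuer's signature or the chain.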