Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is there a way to check if the SSL digital certificate is valid without installing on the web server?

Tags:

https

ssl

ca

digital-certificate

Are there any tools or mechanism(s) which can help validate a CA issued SSL certificate before installing it on the target web server?

like image 365
Suresh Kumar Avatar asked Sep 30 '13 08:09

Suresh Kumar

People also ask

How do I test an SSL certificate on my computer?

To view certificates for the current userSelect Run from the Start menu, and then enter certmgr. msc. The Certificate Manager tool for the current user appears. To view your certificates, under Certificates - Current User in the left pane, expand the directory for the type of certificate you want to view.

Do I need an SSL certificate if I don't have a website?

So, to answer the question “do I need an SSL certificate?” The answer is unequivocally “yes!” When users connect to websites without SSL/TLS certificates via the insecure HTTP protocol, it means their information transmits through insecure connections (HTTP).

How do I know if my SSL certificate Cannot be trusted?

The most common cause of a "certificate not trusted" error is that the certificate installation was not properly completed on the server (or servers) hosting the site. Use our SSL Certificate tester to check for this issue. In the tester, an incomplete installation shows one certificate file and a broken red chain.

2 Answers

Yes, you can use openssl to create a test server for your certificate with the s_server command. This creates a minimal SSL/TLS server that responds to HTTP requests on port 8080:

openssl s_server -accept 8080 -www -cert yourcert.pem -key yourcert.key -CAfile chain.pem

yourcert.pem is the X.509 certificate, yourcert.key is your private key and chain.pem contains the chain of trust between your certificate and a root certificate. Your CA should have given you yourcert.pem and chain.pem.

Then use openssl's s_client to make a connection:

openssl s_client -connect localhost:8080 -showcerts -CAfile rootca.pem

or on Linux:

openssl s_client -connect localhost:8080 -showcerts -CApath /etc/ssl/certs

Caution: That command doesn't verify that the host name matches the CN (common name) or SAN (subjectAltName) of your certificate. OpenSSL doesn't have a routine for the task yet. It's going to be added in OpenSSL 1.1.

like image 156
Christian Heimes Avatar answered Nov 29 '22 09:11

Christian Heimes

The best and easiest way to validate the SSL issued by your CA is to decode it.

Here is a helpful link the will help you do that: http://www.sslshopper.com/csr-decoder.html

Hope this helps!

like image 38
ReinaD Avatar answered Nov 29 '22 08:11

ReinaD
Sign in to Comment

Related questions

Issue with Self Signed Cert in WCF - Must have Private Key
How do I install SSL certificates on OS X so I can clone projects from Github?
keytool can't find alias
Simple example using Erlang for https post
Custom nginx error page for "The SSL certificate error"
Apache - AH00341: winnt_accept: Asynchronous AcceptEx failed
Can't use Amazon S3 API over SSL?
How to install ssl certificate on aws ec2 apache2 ubuntu? [closed]
What is the best practice for auto switching from HTTP to HTTPS
Invalid keystore format with SSL in Tomcat 6
FtpWebRequest "The remote certificate is invalid according to the validation procedure"
Disabling SSL Certificate Validation for Active Directory server using spring-ldap 1.3.1
RabbitMQ: handshake error when attempting to use SSL certificates
Could not create SSL/TLS secure channel for Facebook
node.js - how to check/get ssl certificate expiry date
InsecureRequestWarning + pytest
What happens if I have expired additional certificate in the chain with alternate trust path?
SSL Socket connect timeout
"550 SSL/TLS required on the data channel" using Apache Commons FTPSClient
Remove SSL integration from a specific folder using htaccess

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!