December 4, 2014

How to verify a certificate signed by an intermediate CA

 openssl verify -untrusted intermediate-ca.pem your-cert.pem

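Put the intermediate CA certificates (in PEM format, concatenated) in intermediate-ca.pem, and pass that file with the "-untrusted" option. That name tricked me initially, but that's the one to use. Certificates given with "-untrusted" are only used to build the chain; they are not trusted themselves, so the chain must still end at a trusted root.

The above command uses the system CA list to verify the cert. If you have your own CA, add the option "-CAfile your-ca.pem".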
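What "-untrusted" does and does not do, shown on a throwaway chain. This is an added example, not part of the original post: the subjects, root.pem and the function names are constructed for illustration, and it assumes an openssl binary on PATH whose verify command exits non-zero on failure.

```shell
#!/bin/sh
# Constructed throwaway PKI: root -> intermediate -> leaf (all subjects made up).
issue() {  # $1 dir, $2 name, $3 CN, $4 issuer name, $5 extension section, $6 serial
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial "$6" -days 2 -extfile "$1/ca.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

make_chain() {  # $1 = work dir; writes root.pem, intermediate-ca.pem, your-cert.pem
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate we will pass as trusted (-CAfile).
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/ca.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  issue "$1" intermediate-ca "Constructed Intermediate CA" root v3_ca 2 &&
  issue "$1" your-cert "constructed.example" intermediate-ca v3_leaf 3
}

# Trusted root plus the intermediate as chain-building material: succeeds.
verify_full() { openssl verify -CAfile "$1/root.pem" \
  -untrusted "$1/intermediate-ca.pem" "$1/your-cert.pem" >/dev/null 2>&1; }
# Trusted root but no intermediate: the issuer of the leaf cannot be found.
verify_no_int() { openssl verify -CAfile "$1/root.pem" "$1/your-cert.pem" >/dev/null 2>&1; }
# Intermediate via -untrusted only: the constructed root is not in the system
# CA list, so the chain never reaches a trust anchor.
verify_no_root() { openssl verify -untrusted "$1/intermediate-ca.pem" \
  "$1/your-cert.pem" >/dev/null 2>&1; }

d=$(mktemp -d) && make_chain "$d" && {
  verify_full "$d"    && echo "root + -untrusted intermediate: verified"
  verify_no_int "$d"  || echo "root only: rejected"
  verify_no_root "$d" || echo "-untrusted only: rejected"
  rm -rf "$d"
}
```

Only the first call succeeds: the intermediate is needed to link the leaf to the root, but supplying it with "-untrusted" never makes it a trust anchor.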
