On 07/09/2017 07:58, "Georg Höllrigl" wrote:
*Gesendet:* Mittwoch, 06. September 2017 um 18:06 Uhr *Von:* "Jakob Bohm" <jb-openssl@xxxxxxxxxx> *An:* openssl-users@xxxxxxxxxxx *Betreff:* Re: openssl -check On 06/09/2017 16:18, "Georg Höllrigl" wrote: > Hello, > Is there a way to verifiy a cert? > I'm thinking about some equivalent to > openssl rsa -noout -in example.key -check > but for the public part. > I found some broken certifiate (lines in the PEM encoding got swapped) > openssl x509 -in broken.cer but see no way to verify... > compareing with the original cert shows different thumbprint... but > shouldn't there be some kind of checksum to verify? The signature on a certificate is a very strong checksum. For certificates that are not self-signed, openssl x509 -verify should do it. Agreed. That would be exactly what I had in mind - but it's not working. -verify only exists for "openssl req" to check a CSR? I've created an example broken certificate from google:
Sorry, I got the syntax wrong. It's simply openssl verify Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
