brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(snippets/openssl): verify certificate

Browse Source
This commit is contained in:
Michele Cereda
2024-11-13 22:56:50 +01:00
parent 24548f4800
commit cf14d13a2e
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
snippets/openssl.sh
View File

@@ -111,8 +111,9 @@ openssl x509 -in 'certificate.crt' -fingerprint -md5 -noout # fingerprint as
# Verify certificate chains
# If a certificate is its own issuer, it is assumed to be the root CA (needs to be self signed)
openssl verify 'certificate.crt' # root and *all* intemediate certificates need to be trusted by the local machine
openssl verify -untrusted 'intermediate-ca-chain.pem' 'certificate.crt' # the root certificate need to be trusted by the local machine
openssl verify -CAFile 'root.crt' -untrusted 'intermediate-ca-chain.pem' 'child.crt'
openssl verify -untrusted 'intermediate-ca-chain.pem' 'certificate.crt' # the root certificate needs to be trusted by the local machine
openssl verify -purpose 'sslserver' -untrusted 'chain.pem' 'fullchain.pem'
openssl verify -CAfile 'root.crt' -untrusted 'intermediate-ca-chain.pem' 'child.crt'
# Verify certificates served by remote servers cover the given hostnames
# Checks mutlidomain certificates properly cover all the hostnames