Testing x509 Certificates

2011-01-08 One-minute read

Navigating the openssl suite of subcommands is time consuming.

Here’s my list of frequently used commands for easy reference:

Examining the certificates being offered by a host (replace imap/https with any service, -starttls imap can be eliminated if you are checking a service that provides tls from the start):

openssl s_client -starttls imap -showcerts -connect chavez.mayfirst.org:imap
openssl s_client -showcerts -connect chavez.mayfirst.org:https

Examine a certificate signing request:

openssl req -text -verify -noout -in /path/to/file.csr 

Examine a x509 certificate:

openssl x509  -noout -text -purpose -in path/to/file.crt