KK99

Reputation: 1989

How to check if an SSL certificate is corrupt or not?

I have an SSL certificate. I want to check if the certificate is intact or corrupted. Is there any tool to check this?

The problem is we are unable to get this certificate working in WebSphere 8.0, and I was wondering if this cert file could be corrupted.

Upvotes: 7

Views: 15779

Answers (1)

Gerard Sexton

Reputation: 3210

Yes, you can check a certificate with openssl (available for Windows and *nix).

openssl x509 -in certificate.crt -text -noout

Reference

Update

To be more precise, you can compare the modulus and public exponent of the key and certificate respectively to guarantee that certificate matches the key and that the certificate has not been corrupted.

openssl rsa -noout -modulus -in server.key.pem | openssl sha1;\
openssl x509 -noout -modulus -in server.crt | openssl sha1

Valid output would look like:

7298b69426656f7a8ab3ef9686bc0a79588850e7
7298b69426656f7a8ab3ef9686bc0a79588850e7

After hand-modifying the cert, the output would be:

7298b69426656f7a8ab3ef9686bc0a79588850e7
bd439a18d2d3689470e209dbd45b85a41db7230c

The command

openssl x509 -in certificate.crt -text -noout

is used for verifying certificate chains but not checking for corruption. A hand-modified certificate could return valid-looking output, but a problem with the RSA Public Key: (4096 bit) Modulus (4096 bit): part would only be detectable with the above check.

Another Reference

Upvotes: 13
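
The comparison from the answer above, as an added example that is not part of the original post: it compares the full public key instead of the RSA modulus, so it also works for EC keys, and it reports a parse failure separately so that two failed commands hashing empty input cannot look like a match. The function names and file names are placeholders; PEM input and an unencrypted private key are assumed.

```bash
#!/bin/sh
# Added example (not from the original answer). File names are placeholders.
# Assumes PEM input and an unencrypted private key.

# Public key (SubjectPublicKeyInfo PEM) embedded in a certificate.
# Fails if the file does not decode as X.509.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from a private key; works for RSA and EC keys.
pubkey_of_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Exit status: 0 = certificate parses and matches the key,
#              1 = both parse but the public keys differ,
#              2 = the certificate does not parse,
#              3 = the private key does not parse.
# Each step is checked on its own: if both openssl commands failed, piping
# their empty output into a hash would give two identical digests.
check_cert_and_key() {
    cert_pub=$(pubkey_of_cert "$1") || return 2
    [ -n "$cert_pub" ] || return 2
    key_pub=$(pubkey_of_key "$2") || return 3
    [ -n "$key_pub" ] || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# Usage: sh check.sh server.crt server.key.pem
if [ "$#" -eq 2 ]; then
    rc=0
    check_cert_and_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: certificate parses and matches the key" ;;
        1) echo "MISMATCH: certificate and key have different public keys" ;;
        2) echo "ERROR: certificate file does not parse" ;;
        3) echo "ERROR: private key file does not parse" ;;
    esac
    exit "$rc"
fi
```

A match only shows that the public-key portion of the certificate agrees with the key; it says nothing about the other fields or the issuer's signature.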
