I have a SSL certificate. I want to check if the certificate is intact or corrupted. Are there any tool to check this?
Problem is we are unable to get this certificate working in Websphere 8.0 and I was thinking if this cert file could be corrupted.
问问题
12179 次
1 回答
12
是的,您可以使用 openssl(适用于 windows 和 *nix)检查证书。
openssl x509 -in certificate.crt -text -noout
更新
更准确地说,您可以分别比较密钥和证书的模数和公共指数,以保证证书与密钥匹配并且证书没有损坏。
openssl rsa -noout -modulus -in server.key.pem | openssl sha1;\
openssl x509 -noout -modulus -in server.crt | openssl sha1
有效的输出看起来像
7298b69426656f7a8ab3ef9686bc0a79588850e7
7298b69426656f7a8ab3ef9686bc0a79588850e7
手动修改证书后,输出将是。
7298b69426656f7a8ab3ef9686bc0a79588850e7
bd439a18d2d3689470e209dbd45b85a41db7230c
命令
openssl x509 -in certificate.crt -text -noout
用于验证证书链但不检查损坏。手动修改的证书可以返回看起来有效的输出,但RSA Public Key: (4096 bit) Modulus (4096 bit):只有通过上述检查才能检测到部件的问题。
于 2012-07-30T05:32:33.783 回答