Logo Background

Using openssl To Check SSL Certificates

  • By on October 19, 2009 | No Comments

    If you are from web hosting team dealing with the Apache administration, you might came across on managing the SSL certificates on your Apache server and learn how on the .csr and .crt terminology.

    SSL or Secure Socket Layer is one of the encryption use between the communication of client browser to the server they are connecting to.

    Overview Of SSL Certificates

    So wonder how you can get a free SSL certificates asides from purchasing it with high cost from the provider such as Verisign?

    The answer lies on openssl. By using this tool, you can eventually generate the .csr (Certificate Signing Request) by yourself and deploy the .crt on your Apache server.

    But I don’t recommend the openssl approach as client browser will still see SSL exception, whether to accept a non certified SSL before they can established the HTTPS connection.

    You may use the openssl command as below to view your existing .crt information on the Apache server.

    $ openssl x509 -text -in server.crt | more
            Version: 3 (0x2)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: O=abc.com, OU=IT Example, C=US, O=SSL Company, 
    CN=SSL Primary Class 2 Certification Authority
                Not Before: Oct 23 00:00:00 2008 GMT
                Not After : Oct 23 23:59:59 2012 GMT
            Subject: O=SSL Company, OU=Servers, CN=ssl.com
                Authority Information Access:
                    OCSP - URI:http://www.verisign.com
    SSL Certificate content removed for security purposes
    -----END CERTIFICATE-----

    Suppose you will see more information compares to above due to certain information was removed due to security reason.

    » Monitor Unix Running Process
Leave a Comment