HostAndUserCert < LCG

TWiki>

LCG Web>LCGGridDeployment>LCGProductionServices>HostAndUserCert (2007-02-23, YvanCalas)

EditAttachPDF

LCG Production Services - LCG Grid Deployment

How to request a new host certificate
How to check the certificate in "clear" text
How to know the get subject and end of validity of a certificate
How to check that the a certificate matchs with his associated private key
How to check if the host certificate is valid for use as SSL server

How to request a new host certificate

See the following wiki page.

How to check the certificate in "clear" text

    openssl x509 -text -in hostcert.pem

How to know the get subject and end of validity of a certificate

    openssl x509 -subject -in hostcert.pem
    openssl x509 -enddate -in hostcert.pem

Other fields value are also available (check it with openssl x509 -help).

How to check that the a certificate matchs with his associated private key

    openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out /dev/null

It it does not match, the error message "No certificate matches private key" is displayed.

How to check if the host certificate is valid for use as SSL server

    openssl verify -CApath /etc/grid-security/certificates/ -purpose sslserver hostcert.pem

Check the man page: openssl verify -help

-- YvanCalas - 23 Feb 2007

Topic revision: r1 - 2007-02-23 - YvanCalas

LCG Wikis

LCG Service
Coordination

LCG Grid
Deployment

LCG
Apps Area

Public webs

Welcome Guest

- Cern Search
- TWiki Search
- Google Search
LCG All webs

Copyright &© 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback