LCG Production Services -
LCG Grid Deployment
How to request a new host certificate
See the following
wiki page.
How to check the certificate in "clear" text
openssl x509 -text -in hostcert.pem
How to know the get subject and end of validity of a certificate
openssl x509 -subject -in hostcert.pem
openssl x509 -enddate -in hostcert.pem
Other fields value are also available (check it with openssl x509 -help).
How to check that the a certificate matchs with his associated private key
openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out /dev/null
It it does not match, the error message "No certificate matches private key" is displayed.
How to check if the host certificate is valid for use as SSL server
openssl verify -CApath /etc/grid-security/certificates/ -purpose sslserver hostcert.pem
Check the man page: openssl verify -help
--
YvanCalas - 23 Feb 2007