LCG Production Services - LCG Grid Deployment

How to request a new host certificate

See the following wiki page.

How to check the certificate in "clear" text

    openssl x509 -text -in hostcert.pem

How to know the get subject and end of validity of a certificate

    openssl x509 -subject -in hostcert.pem
    openssl x509 -enddate -in hostcert.pem

Other fields value are also available (check it with openssl x509 -help).

How to check that the a certificate matchs with his associated private key

    openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out /dev/null

It it does not match, the error message "No certificate matches private key" is displayed.

How to check if the host certificate is valid for use as SSL server

    openssl verify -CApath /etc/grid-security/certificates/ -purpose sslserver hostcert.pem 

Check the man page: openssl verify -help

-- YvanCalas - 23 Feb 2007

Edit | Attach | Watch | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2007-02-23 - YvanCalas
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback