HostAndUserCert < LCG < TWiki

LCG Web>LCGGridDeployment>LCGProductionServices>HostAndUserCert (2007-02-23, YvanCalas)

LCG Production Services - LCG Grid Deployment

How to request a new host certificate
How to check the certificate in "clear" text
How to know the get subject and end of validity of a certificate
How to check that the a certificate matchs with his associated private key
How to check if the host certificate is valid for use as SSL server

How to request a new host certificate

See the following wiki page.

How to check the certificate in "clear" text

    openssl x509 -text -in hostcert.pem

How to know the get subject and end of validity of a certificate

    openssl x509 -subject -in hostcert.pem
    openssl x509 -enddate -in hostcert.pem

Other fields value are also available (check it with openssl x509 -help).

How to check that the a certificate matchs with his associated private key

    openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out /dev/null

It it does not match, the error message "No certificate matches private key" is displayed.

How to check if the host certificate is valid for use as SSL server

    openssl verify -CApath /etc/grid-security/certificates/ -purpose sslserver hostcert.pem

Check the man page: openssl verify -help

-- YvanCalas - 23 Feb 2007

Edit | Attach | ~~Watch~~ | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r1 - 2007-02-23 - YvanCalas

LCG

LCG Wikis

LCG Service Coordination

LCG Grid Deployment

LCG Applications Area

Welcome Guest

Login or Register

CERN

- Cern Search
- TWiki Search
- Google Search
LCG All webs

Copyright &© 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback