LCG Production Services - LCG Grid Deployment

How to request a new host certificate

See the following wiki page.

How to check the certificate in "clear" text

    openssl x509 -text -in hostcert.pem

How to know the get subject and end of validity of a certificate

    openssl x509 -subject -in hostcert.pem
    openssl x509 -enddate -in hostcert.pem

Other fields value are also available (check it with openssl x509 -help).

How to check that the a certificate matchs with his associated private key

    openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out /dev/null

It it does not match, the error message "No certificate matches private key" is displayed.

How to check if the host certificate is valid for use as SSL server

    openssl verify -CApath /etc/grid-security/certificates/ -purpose sslserver hostcert.pem 

Check the man page: openssl verify -help

-- YvanCalas - 23 Feb 2007

This topic: LCG > WebHome > LCGGridDeployment > LCGProductionServices > HostAndUserCert
Topic revision: r1 - 2007-02-23 - YvanCalas
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback