Certificate Verification

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Certificate Verification

Tim Corio
I'm working on an application that recieves an x509 certificate along
with a request.  I want to confirm that the certificate has not been
altered (perhaps to change the "not_after" time).

Does the following command give this confirmation:

$ openssl verify -CAfile trusted.cert test.cert

My application is written in Perl and I'm using open2(...) to execute
the "openssl verify ..." command.  Is there a CPAN module that will give
more direct access to the openssl libraries for this task?

Thanks,
Tim

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Certificate Verification

Marek.Marcola
Hello,
> I'm working on an application that recieves an x509 certificate along
> with a request.  I want to confirm that the certificate has not been
> altered (perhaps to change the "not_after" time).
>
> Does the following command give this confirmation:
>
> $ openssl verify -CAfile trusted.cert test.cert
Yes, this command performs default certificate verification
based on CA certificate. This means that digital signature
is checked (which proofs that certificate is not altered)
and next some certificate fields are verified (like certificate
valid time range).

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]