> I'm working on an application that recieves an x509 certificate along
> with a request. I want to confirm that the certificate has not been
> altered (perhaps to change the "not_after" time).
> Does the following command give this confirmation:
> $ openssl verify -CAfile trusted.cert test.cert
Yes, this command performs default certificate verification
based on CA certificate. This means that digital signature
is checked (which proofs that certificate is not altered)
and next some certificate fields are verified (like certificate
valid time range).