Determining the root CA cert from an SSL cert

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Determining the root CA cert from an SSL cert

Davy Durham
Ok, so deriving/extracting the root CA's certificate from an SSL
certificate is not possible.

So, another question:

Can openssl be given an SSL cert and a list of trusted root CAs' certs
and it just output the root CA's cert that goes with (signed) that SSL
cert?  Or is it a matter of doing an openssl command that would tell you
a fingerprint of the issuer's key/cert from the SSL cert, then another
command to find that fingerprint in a list of other certs?


Thanks,
  Davy

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Determining the root CA cert from an SSL cert

Goetz Babin-Ebell
Davy Durham wrote:
Hello Davy,

> Can openssl be given an SSL cert and a list of trusted root CAs' certs
> and it just output the root CA's cert that goes with (signed) that SSL
> cert?

This is not implemented in the openssl command.
With some own programming it would be possible.

>  Or is it a matter of doing an openssl command that would tell you
> a fingerprint of the issuer's key/cert from the SSL cert, then another
> command to find that fingerprint in a list of other certs?

If the certificate has the appropriate extension
it would be able the get the issuer key fingerprint from it.
But primary certificates (and with that issuer certificates)
are identified by the DN.
Fetching a certificate with its fingerprint is something
you would have to do in an own program.

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many

smime.p7s (4K) Download Attachment