
X509 Certificates

To verify your X509 certificates, you may use ssl-vfy-cert.sh, a simple certificate verification tool. The tool is a menu-driven procedure that shows relevant information about your certificate and operates as follows:

Users should always check the certificate validity period with the date option.

To check whether the certificate is a personal one or a server one, use the subj (subject) option and verify the subject parameters OU and CN. For personal certificates the parameters are:

    OU=Personal Certificate
    CN=Mary Jones, i.e. the certificate owner's name.

For server certificates the parameters are:

    OU=Host
    CN=mynode.bo.infn.it, i.e. the fully qualified host name of the node.


The tool may print error messages as follows:


CERTIFICATE VERIFICATION TOOL ssl-vfy-cert.sh

#!/bin/bash
#
# ssl-vfy-cert.sh - menu-driven inspection of an X509 certificate (PEM file)
# Usage: ssl-vfy-cert.sh cert.pem
#
CERT=$1
if [ -z "$CERT" ]
then
    echo "cert.pem file name needed - abort"
    exit 1
fi
#
# Prompt for commands until end of input or an explicit end/quit
while echo -n 'Command: '
      read -r cmd
do
    case $cmd in
        end|quit ) break
            ;;
        help )
            echo " "
            echo " The supported commands are:"
            echo " "
            echo " help     type procedure menu"
            echo " date     type Certificate Validity Dates"
            echo " subj     type Certificate Subject"
            echo " file     set new Certificate file name"
            echo " purpose  type Certificate Purpose"
            echo " text     type Certificate full Text"
            echo " sh       enter bash shell - type exit to reenter procedure"
            echo " "
            ;;
        date )
            # notBefore / notAfter of the validity period
            openssl x509 -in "$CERT" -noout -dates
            ;;
        subj )
            # subject DN, including the OU and CN parameters
            openssl x509 -in "$CERT" -noout -subject
            ;;
        text )
            openssl x509 -in "$CERT" -noout -text
            ;;
        purpose )
            openssl x509 -in "$CERT" -noout -purpose
            ;;
        file )
            echo -n "New Cert File Name: "
            read -r CERT
            echo "verify CERT file: $CERT"
            ;;
        sh )
            bash
            ;;
        * )
            echo "Invalid Command"
            ;;
    esac
done
exit 0
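
The date and subject checks described above can also be run without the menu. The following is an added example, not part of the original ssl-vfy-cert.sh: the function names and the sample subject values other than OU and CN (C=IT, O=INFN, L=Bologna) are assumptions made for illustration. It accepts both the older "/OU=.../CN=..." and the newer "OU = ..., CN = ..." layouts printed by openssl x509 -subject.

```sh
#!/bin/sh
# Added example: non-interactive version of the "date" and "subj" checks.

# Print the value of one subject parameter (e.g. OU or CN) from a line
# printed by "openssl x509 -noout -subject". Both layouts are split on
# "/" and ",", so values that themselves contain those characters are
# truncated; if a parameter occurs more than once the first one is used.
subject_field() {
    printf '%s\n' "${1#subject=}" | tr '/,' '\n\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# Classify a subject line by the OU/CN convention described above.
# Prints: personal, server, server-bad-cn or unknown.
classify_subject() {
    ou=$(subject_field "$1" OU)
    cn=$(subject_field "$1" CN)
    case $ou in
        "Personal Certificate")
            echo personal ;;
        Host)
            # A server CN must be a fully qualified name: labels of letters,
            # digits and hyphens joined by dots, with at least one dot.
            if printf '%s\n' "$cn" |
                grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'
            then echo server
            else echo server-bad-cn
            fi ;;
        *)
            echo unknown ;;
    esac
}

# Check one PEM file: expiry first, then the subject classification.
# "-checkend 0" exits non-zero when the certificate has already expired;
# it does not report a notBefore date that lies in the future.
check_cert() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired
        return 1
    fi
    classify_subject "$(openssl x509 -in "$1" -noout -subject)"
}

# Usage: sh check-cert.sh cert.pem   (the script name is hypothetical)
if [ "$#" -gt 0 ]; then check_cert "$1"; fi
```

A result of server-bad-cn or unknown means the subject does not follow the OU/CN convention and should be inspected with the text command of the tool.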


luvisetto 2008-11-18