Check if SSL Certificate is Self-Signed using OpenSSL

Check if SSL Certificate is Self-Signed using OpenSSL

A self-signed SSL certificates are often used for testing purposes. It is a certificate that is not signed by a trusted certificate authority (CA). This tutorial shows how to check if SSL certificate is self-signed using OpenSSL.

Let's say we have the following certificate:

-----BEGIN CERTIFICATE-----
MIICBzCCAbGgAwIBAgIUblsRRtsMLsqKSXHL3OeHVDTAaAkwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDFRlc3QgQ29tcGFueTEfMB0GA1UE
CwwWVGVzdCBPcmdhbml6YXRpb24gVW5pdDERMA8GA1UEAwwIdGVzdC5jb20wHhcN
MjIwNzE4MDEzMDMwWhcNMjMwNzE4MDEzMDMwWjBYMQswCQYDVQQGEwJVUzEVMBMG
A1UECgwMVGVzdCBDb21wYW55MR8wHQYDVQQLDBZUZXN0IE9yZ2FuaXphdGlvbiBV
bml0MREwDwYDVQQDDAh0ZXN0LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDf
6LwJoaDTpxNlaCXlLp6RAfgsE8j2yiPFZ0Pqy2u+a4gbZn2KxnVA/Ar/6foqC/Os
cEr1/h2F55D33xF3OyJVAgMBAAGjUzBRMB0GA1UdDgQWBBR01dWXvKnNVQl97YZP
vnpvtsFb7jAfBgNVHSMEGDAWgBR01dWXvKnNVQl97YZPvnpvtsFb7jAPBgNVHRMB
Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAOeLvRxxC+WnhnBaURnyhWM1aHP6j
WYXSGiQh6VA6vxoShAUFd56anAT7LfX6wJdnDJrtHkaK2zK6JM7mxqF79w==
-----END CERTIFICATE-----

The openssl verify command can be used for verifying certificate chains.

openssl verify -CAfile test.crt test.crt

In our case, the command prints test.crt: OK because the SSL certificate is self-signed.

If the certificate is signed by a CA, the command prints the following output:

error 20 at 0 depth lookup: unable to get local issuer certificate
error certificate_file.crt: verification failed

The meaning of options and arguments:

  • -CAfile test.crt - specifies the filename to read CA certificate.
  • test.crt - certificate filename which should be verified.

Related

Leave a Comment

Cancel reply

Your email address will not be published.