Name

verify

Synopsis

The verify command is used to verify the validity of X.509 certificates. It performs an exhaustive check on a certificate, including validation of each certificate in a chain of certificates.

Options

-CAfile filename

Specify the name of a file containing one or more trusted certificates.

-CApath directory

Specify the name of a directory containing trusted certificates. There should be one certificate per file in the directory, and each file should be named by the certificate issuer name’s hash and an extension of “.0”.

-untrusted filename

Specify the name of a file containing one or more untrusted certificates.

-purpose purpose

Specify the purpose for the certificate being verified. If this option is omitted, no chain verification of certificates is performed. Valid purposes are sslclient, sslserver, nssslserver, smimesign, and smimeencrypt.

-issuer_checks

Cause diagnostic messages relating to searches for issuer certificates to be printed.

-verbose

Cause extra information about the operations that are being performed to be printed.

Notes

An argument consisting only of a dash (-) is considered a marker that means each argument that follows is the name of a file containing a certificate to be verified. It may be omitted, but is useful when a filename begins with a dash. Each argument that is not an option or parameter to an option is interpreted as the name of a file containing a certificate to be verified.
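The options above, exercised end to end in an added example (not from the book): it builds a constructed root, intermediate and leaf certificate, then verifies the leaf using -CAfile, -CApath, -untrusted and -purpose. All subject names, file names and the trusted directory are assumptions made for the demonstration.

```shell
# Added example: constructed three-certificate chain in a scratch directory.
d=$(mktemp -d) && cd "$d" || exit 1

# Minimal config: the v3_ca section marks a certificate as a CA.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_key_and_csr NAME CN: write NAME.key and NAME.csr
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}
# sign CHILD ISSUER [extra x509 args]: issue CHILD.pem from CHILD.csr
sign() {
    c=$1 i=$2; shift 2
    openssl x509 -req -in "$c.csr" -CA "$i.pem" -CAkey "$i.key" \
        -CAcreateserial -days 1 -out "$c.pem" "$@" 2>/dev/null
}

new_key_and_csr root "Constructed Root CA"
openssl x509 -req -in root.csr -signkey root.key -days 1 \
    -extfile ca.cnf -extensions v3_ca -out root.pem 2>/dev/null
new_key_and_csr inter "Constructed Intermediate CA"
sign inter root -extfile ca.cnf -extensions v3_ca
new_key_and_csr leaf "leaf.example.test"
sign leaf inter

# -CApath layout: one certificate per file, named <hash>.0.
# x509 -hash prints the subject name hash; for a self-signed root the
# subject and issuer names are identical.
mkdir trusted
cp root.pem "trusted/$(openssl x509 -noout -hash -in root.pem).0"

# verify_leaf ARGS...: exit status is that of openssl verify
verify_leaf() { openssl verify -purpose sslserver "$@" leaf.pem; }

verify_leaf -CAfile root.pem -untrusted inter.pem   # trusted root from a file
verify_leaf -CApath trusted -untrusted inter.pem    # trusted root from a hashed directory
verify_leaf -CAfile root.pem || echo "no chain to the root without the intermediate"
```

The last call fails because the intermediate is neither trusted nor supplied with -untrusted, so the issuer of the leaf cannot be found.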
