With the increased demand for IT security, SSL certificates, as part of secure communication between a server and your private PC, have become a very important topic. SSL certificates are used to validate the server you are communicating with.

But what if you are not sure whether the other server sends you a valid SSL certificate?

To solve this problem, openssl is a useful tool for validating these certificates. In this post we briefly discuss a few functions to check whether a server's SSL certificate is valid and signed by a trusted provider of SSL certificates.

The first step is to get the SSL certificate of the server. For this you need the command
openssl s_client -showcerts -connect some_server:server_port

for example:

openssl s_client -showcerts -connect nimbusec.com:443

Now you have to copy the part between the

-----BEGIN CERTIFICATE-----

and

-----END CERTIFICATE-----

lines.

Save this part as a some_server.pem file, for example nimbusec.pem. Now that you have the file, you have to validate it against the certificate of the issuing provider. Normally the certificates of the issuing providers are stored in the openssl program path. If the provider is not listed, you can download the certificate from their website. After that you can validate the certificate.
To do this, enter the command
openssl verify nimbusec.pem

The output of this command should have a line like
nimbusec.pem: OK

If the output doesn't look like that or you get an error, then there is something wrong with the certificate or you don't have the right SSL provider certificate. Otherwise, if the output matches the line above, you can be sure that the server you are communicating with has a trusted SSL certificate.
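The steps above can be scripted. The following is an added example, not part of the original post: it splits the s_client output into the server certificate and the intermediate certificates the server sent, then verifies the server certificate with the intermediates passed via -untrusted, so a chain through an intermediate provider does not fail just because only root certificates are in the trust store. The function names, file names and the script name check_cert.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# split_certs OUTDIR: read `openssl s_client -showcerts` output on stdin.
# First PEM block (the server certificate) -> OUTDIR/leaf.pem,
# later blocks (intermediates the server sent) -> OUTDIR/chain.pem.
# The BEGIN/END marker lines are kept. Prints the number of blocks found.
split_certs() {
    outdir=$1
    : > "$outdir/leaf.pem"
    : > "$outdir/chain.pem"
    awk -v leaf="$outdir/leaf.pem" -v chain="$outdir/chain.pem" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside { print > (n == 1 ? leaf : chain) }
        /^-----END CERTIFICATE-----/   { inside = 0 }
        END { print n + 0 }
    '
}

# verify_server HOST PORT: fetch the certificates and verify the leaf against
# the default trust store; intermediates are passed as -untrusted helpers.
# Returns 0 only if openssl verify prints the "<file>: OK" line.
verify_server() {
    host=$1
    port=$2
    dir=$(mktemp -d) || return 1
    openssl s_client -showcerts -servername "$host" -connect "$host:$port" \
        </dev/null 2>/dev/null | split_certs "$dir" >/dev/null
    if [ ! -s "$dir/leaf.pem" ]; then
        echo "no certificate received from $host:$port" >&2
        rm -rf "$dir"
        return 2
    fi
    if [ -s "$dir/chain.pem" ]; then
        out=$(openssl verify -untrusted "$dir/chain.pem" "$dir/leaf.pem" 2>&1)
    else
        out=$(openssl verify "$dir/leaf.pem" 2>&1)
    fi
    rm -rf "$dir"
    echo "$out"
    echo "$out" | grep -q ': OK$'
}

# Usage: sh check_cert.sh nimbusec.com 443
if [ "$#" -eq 2 ]; then
    verify_server "$1" "$2"
fi
```

The exit status is 0 only when the OK line appears, so the script can be used in a scheduled check.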

For further information on SSL certificate checks, I will show you in the next knowledge base blog post how to check if the certificate is still valid.