[WLUG] Which CA does my ssl certificate belong to on the file system
Carl T. Miller
carl at carltm.com
Sat Jun 11 16:58:20 EDT 2016
When you connect to a website with a browser (or the
openssl client) you get a copy of the certificate
directly from the webserver. If you want to know where
the certificate is stored locally, you'd have to look
at the configuration of the webserver.
You also mentioned a CA hosted through namecheap. That
would give you the ability to create certificates.
You should be able to access the secret key file and
the certificate file for any certificate you have created.
In addition to this, it is common for your browser to
use certificates to verify well-known CAs. Look in your
browser's configuration to manage to view and, perhaps,
delete these certificates.
So...the first paragraph describes a certificate in use.
The second describes a certificate which may or may not
be in use. The third describes certificates which have
been installed, and can verify a certificate in use.
My question to you...what certificate is it that you
want to find? One you use currently, one that you
created, or one that has been installed?
c
Robert Steckroth wrote:
> Well, I don't know then.. I am under the impression that when a remote
> server sends a certificate, it needs to be verified against the
> certificates in the local file system to ensure that there is no
> middleman.
> So, shouldn't openssl be able to return the local path the any certs which
> correspond to the one sent by the remote?
>
> On Sat, Jun 11, 2016 at 10:18 AM, Carl T. Miller <carl at carltm.com> wrote:
>
>> Hi Robert,
>>
>> You can use openssl to retrieve and view the certificates on a
>> webserver.
>>
>> To retrieve all certs on a server:
>> openssl s_client -connect www.carltm.com:443 -showcerts | tee allcerts
>>
>> To view each cert:
>> (create a file for each cert including the "BEGIN CERTIFICATE" and
>> "END CERTIFICATE" lines)
>> openssl x509 -noout -text -purpose -in onecert
>>
>> I hope this helps with your investigation.
>>
>> c
>>
>>
>> Robert Steckroth wrote:
>> > Hello everyone, I have a interesting question for those of you with
>> https
>> > experience.
>> > I have a certificate authority (through namecheap), chained to my ssl
>> > key/certificate which is distributed by a Ubuntu server. The https
>> content
>> > server is nodejs and serves the ssl cert to three types of platforms:
>> web
>> > browsers, git repositories, and a qt desktop application. The https
>> server
>> > works find on browsers (with the green https uri text). The problem
>> is, I
>> > need to know where the CA certificate is kept on my local ubuntu file
>> > system in order to add it to the qt application and to the git config.
>> I
>> > think maybe it is a cheap CA sense git does not already know about the
>> CA
>> > on the file system (it works if I add it manually via git config
>> > http.sslCAInfo). Anyways, I still would like to know if there is a
>> > terminal
>> > command to find which CA my cert belongs to on the file system. It
>> seems
>> > that they are everywhere on it, jeesh.
>> > ______________________________________________________
>> > washlug mailing list washlug web site
>> > washlug at washlug.org www.washlug.org
>> > http://linux.marcdatabase.com/mailman/listinfo/washlug
>> >
>>
>>
>> ______________________________________________________
>> washlug mailing list washlug web site
>> washlug at washlug.org www.washlug.org
>> http://linux.marcdatabase.com/mailman/listinfo/washlug
>>
>
>
>
> --
> <surgemcgee>
> ______________________________________________________
> washlug mailing list washlug web site
> washlug at washlug.org www.washlug.org
> http://linux.marcdatabase.com/mailman/listinfo/washlug
>
More information about the washlug
mailing list