[WLUG] Which CA does my ssl certificate belong to on the file system

Robert Steckroth robertsteckroth at gmail.com
Sat Jun 11 18:12:48 EDT 2016


Yes, thank you for the response Carl. I need to know what certificate
corresponds with the installed CA certificates. It is not just the browsers
which verify certificates with a CA-certificate, it is every platform that
uses https. Therefore, in order to manually verify a remotely served
certificate is trusted, I need to know which CA-certificate it was created
from on the local file system. It just seems like a simple terminal command
would locate the CA-certificate for any given certificate, but research has
proved time consuming.

On Sat, Jun 11, 2016 at 4:58 PM, Carl T. Miller <carl at carltm.com> wrote:

> When you connect to a website with a browser (or the
> openssl client) you get a copy of the certificate
> directly from the webserver.  If you want to know where
> the certificate is stored locally, you'd have to look
> at the configuration of the webserver.
>
> You also mentioned a CA hosted through namecheap.  That
> would give you the ability to create certificates.
> You should be able to access the secret key file and
> the certificate file for any certificate you have created.
>
> In addition to this, it is common for your browser to
> use certificates to verify well-known CAs.  Look in your
> browser's configuration to manage to view and, perhaps,
> delete these certificates.
>
> So...the first paragraph describes a certificate in use.
> The second describes a certificate which may or may not
> be in use.  The third describes certificates which have
> been installed, and can verify a certificate in use.
>
> My question to you...what certificate is it that you
> want to find?  One you use currently, one that you
> created, or one that has been installed?
>
> c
>
>
> Robert Steckroth wrote:
> > Well, I don't know then.. I am under the impression that when a remote
> > server sends a certificate, it needs to be verified against the
> > certificates in the local file system to ensure that there is no
> > middleman.
> > So, shouldn't openssl be able to return the local path to any certs which
> > correspond to the one sent by the remote?
> >
> > On Sat, Jun 11, 2016 at 10:18 AM, Carl T. Miller <carl at carltm.com> wrote:
> >
> >> Hi Robert,
> >>
> >> You can use openssl to retrieve and view the certificates on a
> >> webserver.
> >>
> >> To retrieve all certs on a server:
> >> openssl s_client -connect www.carltm.com:443 -showcerts | tee allcerts
> >>
> >> To view each cert:
> >> (create a file for each cert including the "BEGIN CERTIFICATE" and
> >> "END CERTIFICATE" lines)
> >> openssl x509 -noout -text -purpose -in onecert
> >>
> >> I hope this helps with your investigation.
> >>
> >> c
> >>
> >>
> >> Robert Steckroth wrote:
> >> > Hello everyone, I have an interesting question for those of you with https
> >> > experience.
> >> > I have a certificate authority (through namecheap), chained to my ssl
> >> > key/certificate which is distributed by an Ubuntu server. The https content
> >> > server is nodejs and serves the ssl cert to three types of platforms: web
> >> > browsers, git repositories, and a qt desktop application. The https server
> >> > works fine on browsers (with the green https uri text). The problem is, I
> >> > need to know where the CA certificate is kept on my local ubuntu file
> >> > system in order to add it to the qt application and to the git config. I
> >> > think maybe it is a cheap CA since git does not already know about the CA
> >> > on the file system (it works if I add it manually via git config
> >> > http.sslCAInfo). Anyways, I still would like to know if there is a terminal
> >> > command to find which CA my cert belongs to on the file system. It seems
> >> > that they are everywhere on it, jeesh.
> >> > ______________________________________________________
> >> > washlug mailing list    washlug web site
> >> > washlug at washlug.org     www.washlug.org
> >> > http://linux.marcdatabase.com/mailman/listinfo/washlug
> >> >
> >>
> >>
> >>
> >
> >
> >
> > --
> > <surgemcgee>
> >
>
>
>



-- 
<surgemcgee>
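
The lookup asked about in this thread can be done with OpenSSL's hashed trust directory. The script below is an added example, not part of the original messages: the function names are hypothetical, `/etc/ssl/certs` is assumed to be a hashed CA directory (as on Ubuntu), and `-no-CApath` assumes OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; /etc/ssl/certs is assumed to
# be an OpenSSL hashed directory (as on Ubuntu). Needs OpenSSL 1.1.0 or later.

# find_issuer_ca CERT [CA_DIR]: print the CA file in CA_DIR that signed CERT.
find_issuer_ca() {
    cert=$1
    ca_dir=${2:-/etc/ssl/certs}
    # Hashed directories name each CA <subject-hash>.<n>; the issuer hash of
    # CERT equals the subject hash of the CA certificate that issued it.
    hash=$(openssl x509 -noout -issuer_hash -in "$cert") || return 2
    for candidate in "$ca_dir/$hash".*; do
        [ -e "$candidate" ] || continue
        # Names can collide, so confirm the signature against this file only
        # (-no-CApath keeps the default trust store out of the check).
        if openssl verify -no-CApath -partial_chain -CAfile "$candidate" \
                "$cert" >/dev/null 2>&1; then
            readlink -f "$candidate"
            return 0
        fi
    done
    return 1
}

# find_chain_anchor BUNDLE [CA_DIR]: BUNDLE is saved `s_client -showcerts`
# output. A leaf is usually signed by an intermediate that is not installed
# locally, so try every certificate in the chain until one has a local issuer.
find_chain_anchor() {
    bundle=$1
    store=${2:-/etc/ssl/certs}
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (d "/cert" n ".pem") }
        /-----END CERTIFICATE-----/   { on = 0 }' "$bundle"
    rc=1
    for c in "$tmp"/cert*.pem; do
        [ -e "$c" ] || continue
        if find_issuer_ca "$c" "$store"; then rc=0; break; fi
    done
    rm -rf "$tmp"
    return $rc
}
```

The printed path is the file that a setting such as `git config http.sslCAInfo` expects; if nothing is printed, no certificate in the served chain has its issuer installed in that directory.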