<div dir="ltr">Well, I don't know then.. I am under the impression that when a remote server sends a certificate, it needs to be verified against the certificates in the local file system to ensure that there is no middleman. So, shouldn't openssl be able to return the local path to any certs which correspond to the one sent by the remote?</div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jun 11, 2016 at 10:18 AM, Carl T. Miller <span dir="ltr">&lt;<a href="mailto:carl@carltm.com" target="_blank">carl@carltm.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Robert,<br>
<br>
You can use openssl to retrieve and view the certificates on a webserver.<br>
<br>
To retrieve all certs on a server:<br>
openssl s_client -connect <a href="http://www.carltm.com:443" rel="noreferrer" target="_blank">www.carltm.com:443</a> -showcerts | tee allcerts<br>
<br>
To view each cert:<br>
(create a file for each cert including the "BEGIN CERTIFICATE" and<br>
"END CERTIFICATE" lines)<br>
openssl x509 -noout -text -purpose -in onecert<br>
<br>
I hope this helps with your investigation.<br>
<br>
c<br>
<span class=""><br>
<br>
Robert Steckroth wrote:<br>
> Hello everyone, I have an interesting question for those of you with https<br>
> experience.<br>
> I have a certificate authority (through namecheap), chained to my ssl<br>
> key/certificate which is distributed by an Ubuntu server. The https content<br>
> server is nodejs and serves the ssl cert to three types of platforms: web<br>
> browsers, git repositories, and a qt desktop application. The https server<br>
> works fine on browsers (with the green https uri text). The problem is, I<br>
> need to know where the CA certificate is kept on my local ubuntu file<br>
> system in order to add it to the qt application and to the git config. I<br>
> think maybe it is a cheap CA since git does not already know about the CA<br>
> on the file system (it works if I add it manually via git config<br>
> http.sslCAInfo). Anyways, I still would like to know if there is a<br>
> terminal<br>
> command to find which CA my cert belongs to on the file system. It seems<br>
> that they are everywhere on it, jeesh.<br>
</span>> ______________________________________________________<br>
> washlug mailing list washlug web site<br>
> <a href="mailto:washlug@washlug.org">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
> <a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/mailman/listinfo/washlug</a><br>
><br>
<br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">&lt;surgemcgee&gt;<br><br><div><br></div><div><br></div></div></div>
</div>
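An added example, not part of the thread: one way to answer the question above is to split the `allcerts` file saved from `s_client -showcerts` and look up each certificate's issuer in OpenSSL's hashed CA directory. The function names are hypothetical, and `/etc/ssl/certs` is assumed as the store location (the Debian/Ubuntu default).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes an OpenSSL hashed CA directory; /etc/ssl/certs is the Debian/Ubuntu default.

# split_pem BUNDLE OUTDIR: write each certificate in BUNDLE to OUTDIR/cert-N.pem.
# Non-certificate text, such as the s_client output saved by tee, is skipped.
split_pem() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; keep = 1 }
        keep                          { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }
    ' "$1"
}

# cert_name FIELD FILE: print the subject or issuer DN of FILE in RFC 2253 form.
cert_name() {
    openssl x509 -noout -nameopt RFC2253 "-$1" -in "$2" | sed 's/^[a-z]*= *//'
}

# find_issuer CERT [CA_DIR]: print the file in CA_DIR whose subject is CERT's issuer.
# Returns 1 when the issuer is not in the store (e.g. it is an intermediate).
find_issuer() {
    ca_dir=${2:-/etc/ssl/certs}
    # Hashed directories name each CA file <subject hash>.<n>
    h=$(openssl x509 -noout -issuer_hash -in "$1") || return 2
    want=$(cert_name issuer "$1")
    for cand in "$ca_dir/$h".*; do
        [ -e "$cand" ] || continue
        # Different names can share a hash, so compare the full DN as well.
        # This matches names only; it does not check the signature.
        if [ "$(cert_name subject "$cand")" = "$want" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Stand-alone use: sh find-ca.sh allcerts [CA_DIR]
if [ "$#" -ge 1 ]; then
    tmp=$(mktemp -d) && split_pem "$1" "$tmp"
    for c in "$tmp"/cert-*.pem; do
        printf '%s <- ' "$(cert_name subject "$c")"
        find_issuer "$c" "${2:-}" || echo "(issuer not in local store)"
    done
    rm -rf "$tmp"
fi
```

On Ubuntu the printed path is usually a symlink, and `readlink -f` on it shows the real file, which is the one to pass to `git config http.sslCAInfo`.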