Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[openssl-users] How to display root certificate in command line
5 views
Skip to first unread message
Jerry OELoo
Dec 22, 2014, 5:58:52 AM12/22/14
to
Hi All:
I have used openssl command line to get some website's certificate
chain. Now, I want to show root certificate information. but I do not
find any command argument to do it.
openssl s_client -showcerts -CApath /etc/ssl/certs -connect
studentexclusives.hsbc.co.uk:443
I use -CApath to set root certificate path.
From below, I can get full certificate path. 3 certificates
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU
= "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign
Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU
= Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign
Class 3 Secure Server CA - G3
verify return:1
depth=0 C = GB, ST = London, L = London, O = HSBC Holdings plc, OU =
HTSE, CN = studentexclusives.hsbc.co.uk
verify return:1
But in certificate chain, I only get 2 certificates information (I
think this two are return by website.)
---
Certificate chain
0 s:/C=GB/ST=London/L=London/O=HSBC Holdings
plc/OU=HTSE/CN=studentexclusives.hsbc.co.uk
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure
Server CA - G3
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgIQTw4Fx5Xv3tBjt8gNVOKAjjANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTMwODA2
MDAwMDAwWhcNMTUwODA3MjM1OTU5WjCBgTELMAkGA1UEBhMCR0IxDzANBgNVBAgT
BkxvbmRvbjEPMA0GA1UEBxQGTG9uZG9uMRowGAYDVQQKFBFIU0JDIEhvbGRpbmdz
IHBsYzENMAsGA1UECxQESFRTRTElMCMGA1UEAxQcc3R1ZGVudGV4Y2x1c2l2ZXMu
aHNiYy5jby51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOpGrR8P
hBbnPeewbha7UitdVHL+Zk7HCQ9Hi67+1GI8HgX+eMRk2w/LHL7gYSNr9ZelIPap
ZfTDwBnHyUUH3SAf5ajg5vVFtROCYr9LLFXEW/97Qy6Anh1efJo15eoBXUYVYhBW
IMjU6sO9T+kRBMgxoqtVM4WVmy4pN3NqHqF/8D4k+Y+fcBt2Nm3D/YwI+4H7Bt+P
ap5oj5uALFdcr+dbO76FomAAJ3vjTw10lBCCdfnKmOjBayAVoz/qz91Fy1BYY9jA
l9p1EXml1bYSPJaxfejiyKjHni64cBAMtHyhknlJYDs47mnyp5FLpg3nmxtGCNMR
jXPtxRLDrFMAuGsCAwEAAaOCAYwwggGIMCcGA1UdEQQgMB6CHHN0dWRlbnRleGNs
dXNpdmVzLmhzYmMuY28udWswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEMGA1UdIAQ8MDowOAYKYIZIAYb4
RQEHNjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3Bz
MB8GA1UdIwQYMBaAFA1EXBZTRMGCfh0gqyX0AWPYvnmlMEUGA1UdHwQ+MDwwOqA4
oDaGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtY3JsLnZlcmlzaWduLmNvbS9TVlJTZWN1
cmVHMy5jcmwwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC52ZXJpc2lnbi5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9TVlJTZWN1cmUtRzMt
YWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5jZXIwDQYJKoZIhvcNAQEFBQAD
ggEBAFVoAhJ7Xv0hcv7fkR/mLE+OVhzgkwhTcANZmAuEQwo3ZwHICXg3p/ZjuRe6
4EV1CqSq1RwswG2GtOHFZ+CaC9Fi3lIDVRzaudLkYCF7mtLZls7DF3/HsoJ6muYX
P0X3IsQ6hnc6a3ChdyN+IJymW/KRRUtHKmA/BQS8hOGpdmxvZIdgIkrHoAO3EXfk
SkESma7BMDeW0DOeGuDhUrvn2N6UdyWSA2cdk6d4fQxWawqOiUtYT+o2oX3imDrg
cDKU9HB3eqd0K5nwDFIFlbsZHs6gIGJVJeGVuk07Px5ucOZBFc/UMBBRI3bm2HW4
sjn3tNB8AITr3v3+Evf4vMnbaIs=
-----END CERTIFICATE-----
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure
Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public
Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg
aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy
aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG
5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8
f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK
tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo
GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV
M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB
2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz
aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4
RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw
czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG
A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu
Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp
bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo
dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w
GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+
HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ
KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB
WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6
bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp
dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg
W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4
Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=
-----END CERTIFICATE-----
---
Now I want to also display root certificate "VeriSign Class 3 Public
Primary Certification Authority - G5" information, How can I show it?
Thanks!
--
Rejoice,I Desire!
_______________________________________________
openssl-users mailing list
openss...@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
I have used openssl command line to get some website's certificate
chain. Now, I want to show root certificate information. but I do not
find any command argument to do it.
openssl s_client -showcerts -CApath /etc/ssl/certs -connect
studentexclusives.hsbc.co.uk:443
I use -CApath to set root certificate path.
From below, I can get full certificate path. 3 certificates
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU
= "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign
Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU
= Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign
Class 3 Secure Server CA - G3
verify return:1
depth=0 C = GB, ST = London, L = London, O = HSBC Holdings plc, OU =
HTSE, CN = studentexclusives.hsbc.co.uk
verify return:1
But in certificate chain, I only get 2 certificates information (I
think this two are return by website.)
---
Certificate chain
0 s:/C=GB/ST=London/L=London/O=HSBC Holdings
plc/OU=HTSE/CN=studentexclusives.hsbc.co.uk
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure
Server CA - G3
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgIQTw4Fx5Xv3tBjt8gNVOKAjjANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTMwODA2
MDAwMDAwWhcNMTUwODA3MjM1OTU5WjCBgTELMAkGA1UEBhMCR0IxDzANBgNVBAgT
BkxvbmRvbjEPMA0GA1UEBxQGTG9uZG9uMRowGAYDVQQKFBFIU0JDIEhvbGRpbmdz
IHBsYzENMAsGA1UECxQESFRTRTElMCMGA1UEAxQcc3R1ZGVudGV4Y2x1c2l2ZXMu
aHNiYy5jby51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOpGrR8P
hBbnPeewbha7UitdVHL+Zk7HCQ9Hi67+1GI8HgX+eMRk2w/LHL7gYSNr9ZelIPap
ZfTDwBnHyUUH3SAf5ajg5vVFtROCYr9LLFXEW/97Qy6Anh1efJo15eoBXUYVYhBW
IMjU6sO9T+kRBMgxoqtVM4WVmy4pN3NqHqF/8D4k+Y+fcBt2Nm3D/YwI+4H7Bt+P
ap5oj5uALFdcr+dbO76FomAAJ3vjTw10lBCCdfnKmOjBayAVoz/qz91Fy1BYY9jA
l9p1EXml1bYSPJaxfejiyKjHni64cBAMtHyhknlJYDs47mnyp5FLpg3nmxtGCNMR
jXPtxRLDrFMAuGsCAwEAAaOCAYwwggGIMCcGA1UdEQQgMB6CHHN0dWRlbnRleGNs
dXNpdmVzLmhzYmMuY28udWswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEMGA1UdIAQ8MDowOAYKYIZIAYb4
RQEHNjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3Bz
MB8GA1UdIwQYMBaAFA1EXBZTRMGCfh0gqyX0AWPYvnmlMEUGA1UdHwQ+MDwwOqA4
oDaGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtY3JsLnZlcmlzaWduLmNvbS9TVlJTZWN1
cmVHMy5jcmwwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC52ZXJpc2lnbi5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9TVlJTZWN1cmUtRzMt
YWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5jZXIwDQYJKoZIhvcNAQEFBQAD
ggEBAFVoAhJ7Xv0hcv7fkR/mLE+OVhzgkwhTcANZmAuEQwo3ZwHICXg3p/ZjuRe6
4EV1CqSq1RwswG2GtOHFZ+CaC9Fi3lIDVRzaudLkYCF7mtLZls7DF3/HsoJ6muYX
P0X3IsQ6hnc6a3ChdyN+IJymW/KRRUtHKmA/BQS8hOGpdmxvZIdgIkrHoAO3EXfk
SkESma7BMDeW0DOeGuDhUrvn2N6UdyWSA2cdk6d4fQxWawqOiUtYT+o2oX3imDrg
cDKU9HB3eqd0K5nwDFIFlbsZHs6gIGJVJeGVuk07Px5ucOZBFc/UMBBRI3bm2HW4
sjn3tNB8AITr3v3+Evf4vMnbaIs=
-----END CERTIFICATE-----
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure
Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public
Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg
aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy
aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG
5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8
f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK
tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo
GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV
M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB
2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz
aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4
RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw
czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG
A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu
Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp
bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo
dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w
GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+
HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ
KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB
WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6
bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp
dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg
W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4
Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=
-----END CERTIFICATE-----
---
Now I want to also display root certificate "VeriSign Class 3 Public
Primary Certification Authority - G5" information, How can I show it?
Thanks!
--
Rejoice,I Desire!
_______________________________________________
openssl-users mailing list
openss...@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Jakob Bohm
Dec 22, 2014, 9:09:10 AM12/22/14
to
> -----END CERTIFICATE-----
> 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
> at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure
> Server CA - G3
> i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
> VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public
> Primary Certification Authority - G5
> -----BEGIN CERTIFICATE-----
> ...
> 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
> at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure
> Server CA - G3
> i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
> VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public
> Primary Certification Authority - G5
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> ---
>
> Now I want to also display root certificate "VeriSign Class 3 Public
> Primary Certification Authority - G5" information, How can I show it?
>
> Thanks!
>
This means the web server did not send it, but expects your
> ---
>
> Now I want to also display root certificate "VeriSign Class 3 Public
> Primary Certification Authority - G5" information, How can I show it?
>
> Thanks!
>
client/browser to find it (by name) in your local root certificates
store, such as /etc/ssl/certs.
Look in that directory for "/C=US/O=VeriSign, Inc./OU=VeriSign Trust
Network/OU=(c) 2006 VeriSign, Inc. - For authorized use
only/CN=VeriSign Class 3 Public Primary Certification Authority - G5"
and dump that filedirectly with
only/CN=VeriSign Class 3 Public Primary Certification Authority - G5"
openssl x509 -text -in /etc/ssl/certs/somefile.pem
Unfortunately no currently released version of s_client knows how to
dump out the constructed verification chain, there is only an option
to dump the server supplied certificates (regardless if those were
used by the client or not). Hopefully some future version will have
options to dump either or both lists.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Salz, Rich
Dec 22, 2014, 10:04:36 AM12/22/14
to
> But in certificate chain, I only get 2 certificates information (I think this two
> are return by website.)
0 new messages