Checking SSL Certificates

An SSL certificate is a small data file that identifies a web server and is used to set up encrypted communication between that server and a browser. This ensures that the information sent between the server and browser is secure and cannot be viewed by third parties. It’s important to have an SSL certificate on any website that handles personal or financial information.

In this article, we’ll show you how to check if a website has a valid SSL certificate using the OpenSSL command line tool on Linux.

What is OpenSSL?

OpenSSL is an open-source software library used to implement online security protocols like HTTPS, SSL, and TLS. In addition to libraries, OpenSSL also includes a set of command-line tools that can be used to perform various security tasks.

Checking SSL certificates with OpenSSL

To check if a website has a valid SSL certificate, you first need to open a terminal and enter the following command:

openssl s_client -connect <website>:443

In this command, you need to replace <website> with the domain name of the website you want to check.

Once you enter the command, OpenSSL will establish a connection with the web server and return information about the SSL certificate. If the website has a valid SSL certificate, you’ll see a message similar to this:

Certificate chain
0 s: /C=US/ST=California/L=Los Angeles/O=Example Company/CN=www.example.com
i: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

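This shows the certificate's subject (s:) and its issuer (i:), in this case Let’s Encrypt. OpenSSL prints the chain whether or not verification succeeded, so for a valid certificate the output should also contain the line Verify return code: 0 (ok).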

However, if the website doesn’t have a valid SSL certificate, you’ll see an error message like this:

CONNECTED(00000003)
depth=0 CN = localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost.localdomain
verify error:num=10:certificate has expired
verify return:1
depth=0 CN = localhost.localdomain
verify error:num=24:invalid CA certificate
verify return:1
depth=0 CN = localhost.localdomain
verify error:num=25:hostname mismatch
verify return:1

This indicates that the SSL certificate for the website is either invalid or untrusted.
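
To script this check, the output has to be read for its verify lines, because s_client prints the chain and keeps the session open even when verification fails. The following is an added example, not part of the original article; the function names summarize_verify and check_site are hypothetical, and both sample outputs are constructed (the failing one is shortened from the output shown above).

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Reads s_client output on stdin. Prints one FAIL line per distinct verify
# error; returns 0 only when no error appeared and the final code is 0 (ok).
summarize_verify() {
    sv_out=$(cat)
    sv_errs=$(printf '%s\n' "$sv_out" | sed -n 's/^verify error:num=//p' \
        | LC_ALL=C sort -u)
    if [ -n "$sv_errs" ]; then
        printf '%s\n' "$sv_errs" | sed 's/^/FAIL /'
        return 1
    fi
    if printf '%s\n' "$sv_out" | grep -q 'Verify return code: 0 (ok)'; then
        echo "OK"
        return 0
    fi
    echo "UNKNOWN no 'Verify return code: 0 (ok)' line found"
    return 2
}

# Live check (needs network and the openssl CLI). </dev/null ends the session
# after the handshake; -verify_hostname also checks the name in the certificate.
check_site() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -verify_hostname "$1" </dev/null 2>&1 | summarize_verify
}

# Constructed sample: shortened from the failing output shown in the article.
SAMPLE_FAILED='CONNECTED(00000003)
depth=0 CN = localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost.localdomain
verify error:num=10:certificate has expired
verify return:1
depth=0 CN = localhost.localdomain
verify error:num=10:certificate has expired
verify return:1'

# Constructed sample: tail of a session that verified cleanly.
SAMPLE_OK='depth=0 CN = www.example.com
verify return:1
    Verify return code: 0 (ok)'

printf '%s\n' "$SAMPLE_FAILED" | summarize_verify || true
printf '%s\n' "$SAMPLE_OK" | summarize_verify
```

For a real site, run check_site www.example.com and use its exit status (0 valid, 1 verify errors, 2 no result) in a monitoring job.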

Generating and verifying SSL certificates with OpenSSL

OpenSSL can also be used to generate and verify SSL certificates. If you want to generate an SSL certificate for your own website, you can use the following command:

openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365

This command will generate a self-signed SSL certificate that is valid for one year. However, if you want an SSL certificate issued by a trusted certification authority, you’ll need to acquire one.

If you want to verify an SSL certificate, you can print its contents, including the subject, issuer and validity dates, with the following command:

openssl x509 -in cert.pem -text -noout