Friday, June 20, 2008

Openssl check if certificate chain is available from web server

Sometime you SSL provider maybe change the certificate chain for certificates you get from them. GoDaddy has changed in the last year, and a few years ago Network Solutions had changed because of a renewal date. When you get a SSL certificate from a provider you are often given the option to get the certificate chain. This is so that your web servers can make available to visiting clients the root and intermediate certificates so that the visiting client can confirm if the certificates are trusted.

using the following openssl command line will display the certificate depth, you want greater then 0, as well as the certificates.
openssl s_client -connect server:port -showcerts

Hope this help someone.

2 comments:

me said...

do you have instructions on how to install the intermediate ssl certificate on big-ip? i'm using version 9.1.1.

me said...

do you have instructions on how to install the intermediate ssl certificate on big-ip? i'm using version 9.1.1.