4.4. Validating an SSL Certificate
Problem
You want to check that an SSL certificate is valid.
Solution
If your system’s certificates are kept in a file (as in Red Hat):
$ openssl ... -CAfile file_of_CA_certificates ...
If they are kept in a directory (as in SuSE):
$ openssl ... -CApath directory_of_CA_certificates ...
For example, to check the certificate for the secure IMAP server on mail.server.net against the system trusted certificate list on a Red Hat host:
$ openssl s_client -quiet -CAfile /usr/share/ssl/cert.pem \
    -connect mail.server.net:993
To check the certificate of a secure web site https://www.yoyodyne.com/ from a SuSE host (recall HTTPS runs on port 443):
$ openssl s_client -quiet -CApath /usr/share/ssl/certs -connect www.yoyodyne.com:443
If you happen to have a certificate in a file cert.pem, and you want to validate it, there is a separate verify command, which takes the certificate file as its last argument:
$ openssl verify -CA... cert.pem
Add -inform der if the certificate is in the binary DER format rather than PEM.
Discussion
Red Hat 8.0 comes with a set of certificates for some well-known Internet Certifying Authorities in the file /usr/share/ssl/cert.pem. SuSE 8.0 has a similar collection, but it is instead stored in a directory with a particular structure, a sort of hash table implemented using symbolic links. Under SuSE, the directory /usr/share/ssl/certs contains each certificate in a separate file, together with the links.
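The following script is an added example, not part of the original recipe: it builds a throwaway test CA and a leaf certificate with openssl, then validates the leaf the two ways the Solution describes, against a single CA file (-CAfile) and against a hashed CA directory (-CApath), and shows what a failed validation looks like when the wrong CA is used. The hashed directory is built by hand with openssl x509 -hash so you can see the symbolic-link layout the Discussion mentions. Every name in it (TestCA, OtherCA, mail.example.test, the temporary work directory) is constructed for the example; nothing is fetched from the network.

```shell
#!/bin/sh
# Added example (not from the cookbook): generate a private test CA, issue a
# leaf certificate, then validate it against a CA file and a hashed CA directory.
# All names below are constructed for the demonstration.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# A self-signed root for the constructed "TestCA" (1-day throwaway key).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout ca.key -out ca.pem -subj "/CN=TestCA" >/dev/null 2>&1

# A second, unrelated root, used only to show a validation failure.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout other.key -out other.pem -subj "/CN=OtherCA" >/dev/null 2>&1

# A leaf certificate for a made-up mail server, signed by TestCA.
openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=mail.example.test" >/dev/null 2>&1
openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 1 -out leaf.pem >/dev/null 2>&1

# Red Hat style: every trusted root in one PEM file.
# openssl verify exits 0 (and prints "<cert>: OK") only if a chain to a
# trusted root can be built; any other result is a non-zero exit.
verify_with_file() {   # $1 = CA bundle file, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# SuSE style: a directory of roots, each reachable through a symbolic link
# named <subject-hash>.0 (the "hash table implemented using symbolic links").
# This does by hand what the c_rehash tool does for a whole directory.
make_hashed_dir() {    # $1 = directory to create, $2... = CA certificate files
    dir=$1; shift
    mkdir -p "$dir"
    for ca in "$@"; do
        h=$(openssl x509 -noout -hash -in "$ca")
        cp "$ca" "$dir/$(basename "$ca")"
        ln -sf "$(basename "$ca")" "$dir/$h.0"
    done
}

verify_with_dir() {    # $1 = hashed CA directory, $2 = certificate to check
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

make_hashed_dir certs ca.pem

# Expected: OK against TestCA (file and directory), failure against OtherCA.
verify_with_file ca.pem leaf.pem && echo "CAfile: leaf.pem verifies against TestCA"
verify_with_dir  certs  leaf.pem && echo "CApath: leaf.pem verifies against TestCA"
if verify_with_file other.pem leaf.pem; then
    echo "unexpected: leaf.pem verified against OtherCA"
else
    echo "CAfile: leaf.pem does NOT verify against OtherCA (as expected)"
fi
```

To check a live server instead of a file on disk, replace the openssl verify calls with the s_client lines from the Solution and point -CAfile or -CApath at the system certificate store; the hashed directory layout built here is the same one openssl expects under /usr/share/ssl/certs.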
If the necessary root certificate is present in the given file, along with any necessary ...