Checking an Certificate Chain

Use the following one liner to check the a certificate chain in detail:

openssl crl2pkcs7 -nocrl -certfile chained.crt | openssl pkcs7 -print_certs -text -noout | less

Use this command to produce a simple list of the chain in order:

echo "" | openssl s_client -connect www.google.com:443 2>&1 | grep -A 6 "Certificate chain"

#If your testing a local server which is listening on the same port for different headers use this:
echo "" | openssl s_client -connect 172.217.169.4:443 -servername www.google.com 2>&1 | grep -A 6 "Certificate chain"

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.