Verify SSL certificate chain using OpenSSL

SSL certificates ‘usually’ work and show ‘green’ in browsers, even if the full certificate chain is not correctly configured in Apache.

You can use tools such as SSL Labs or run a PCI ASV check on your site to find out if you are compliant, but a quicker way to do it is using openssl from the command line.

Using this command, you can quickly verify your SSL certificate and certificate chain from your Linux command line using openssl:

openssl s_client -showcerts -connect mydomain.com:443

If you receive the line ‘Verify return code: 0’ at the end of the long output, your chain is working; however, you might receive an error 27 if it is not configured correctly.
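The long output is easier to judge when it is reduced to the two facts that matter: how many certificates the server actually sent, and the verify return code. The following is an added example, not part of the original post; the function name chain_summary and both sample outputs are constructed for illustration.

```shell
# Summarise `openssl s_client -showcerts` output read on stdin.
# Prints "certs_sent=<n> verify_code=<code>"; returns 0 only when the code is 0.
chain_summary() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { certs++ }  # one PEM block per certificate sent
        /Verify return code:/ {                    # if the line repeats, the last one wins
            sub(/.*Verify return code:[ \t]*/, "")
            code = $1
        }
        END {
            if (code == "") code = "missing"
            printf "certs_sent=%d verify_code=%s\n", certs, code
            exit (code == "0" ? 0 : 1)
        }'
}

# Constructed sample output: the server sent only its own certificate.
sample_leaf_only() {
cat <<'EOF'
Certificate chain
 0 s:CN = mydomain.com
   i:CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
    Verify return code: 27 (certificate not trusted)
EOF
}

# Constructed sample output: the server sent its certificate and the intermediate.
sample_full_chain() {
cat <<'EOF'
Certificate chain
 0 s:CN = mydomain.com
   i:CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
 1 s:CN = Constructed Intermediate CA
   i:CN = Constructed Root CA
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
    Verify return code: 0 (ok)
EOF
}

sample_leaf_only  | chain_summary || true   # certs_sent=1 verify_code=27
sample_full_chain | chain_summary           # certs_sent=2 verify_code=0
```

Against a live server, pipe the command above into the function: `openssl s_client -showcerts -connect mydomain.com:443 </dev/null 2>/dev/null | chain_summary`. Redirecting stdin from /dev/null makes s_client exit after the handshake instead of waiting for input.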

In order to configure it correctly, you will likely need a line in your Apache conf file:

SSLCACertificateFile <yourCAfilename>

in addition to the lines which list your key and cert files:

SSLCertificateFile <yourcertfilename>
SSLCertificateKeyFile <yourkeyfilename>