Wednesday, July 03, 2019

OpenSSL and certs

I was battling with SSL certificates recently and have two useful commands I would like to store in my extended memory (this blog).


a) To ensure that all certificates in a bundle are OK. The output lists the subject and issuer of each certificate, and there should be a clear 'line of trust' from one to the next.

FILENAME=your.domain.crt
openssl crl2pkcs7 -nocrl -certfile $FILENAME | openssl pkcs7 -print_certs -noout

b) To ensure that the EC (Elliptic Curve) public key in the CSR and the certificate matches the actual signing key, run these 3 commands. The public key printed by each command should be the same.

NAME=your.domain
openssl ec -pubout -in $NAME.key
openssl req -noout -pubkey -in $NAME.csr
openssl x509 -noout -pubkey -in $NAME.crt
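
An added example, not from the original post, that automates check (b): it compares the three public keys and reports which file disagrees with the private key. The function names `keys_match`, `make_samples` and `demo`, and the throwaway sample files they generate, are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): automate check (b).
# keys_match NAME compares the public key from NAME.key, NAME.csr and NAME.crt.
# Returns 0 if all three match, 1 on mismatch, 2 if a file cannot be parsed.
keys_match() {
    name=$1
    k=$(openssl ec -pubout -in "$name.key" 2>/dev/null) || return 2
    r=$(openssl req -noout -pubkey -in "$name.csr" 2>/dev/null) || return 2
    c=$(openssl x509 -noout -pubkey -in "$name.crt" 2>/dev/null) || return 2
    [ -n "$k" ] || return 2
    rc=0
    [ "$k" = "$r" ] || { echo "MISMATCH: $name.csr does not match $name.key" >&2; rc=1; }
    [ "$k" = "$c" ] || { echo "MISMATCH: $name.crt does not match $name.key" >&2; rc=1; }
    return $rc
}

# Constructed sample data (assumption for the demo): throwaway P-256 keys and a
# self-signed certificate. "good" is consistent; "bad" pairs the good CSR/CRT
# with an unrelated private key, the mix-up the check is meant to catch.
make_samples() {
    dir=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/good.key" 2>/dev/null &&
    openssl req -new -key "$dir/good.key" -subj "/CN=good.example.test" \
        -out "$dir/good.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/good.csr" -signkey "$dir/good.key" -days 1 \
        -out "$dir/good.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/bad.key" 2>/dev/null &&
    cp "$dir/good.csr" "$dir/bad.csr" && cp "$dir/good.crt" "$dir/bad.crt"
}

# Run both cases in a temporary directory and clean up afterwards.
demo() {
    tmp=$(mktemp -d) || return 2
    make_samples "$tmp" || { rm -rf "$tmp"; return 2; }
    keys_match "$tmp/good" && echo "good: keys match"
    keys_match "$tmp/bad" || echo "bad: mismatch detected"
    rm -rf "$tmp"
}
demo
```

With real files, call `keys_match your.domain` from the directory holding `your.domain.key`, `.csr` and `.crt`; the exit status makes it usable as a pre-deployment gate.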