[SOLVED] pki

lelunicu · 01-17-2020, 03:40 AM

hi,
is the command to verify that a certificate or private key is corrupted?

berndbausch · 01-17-2020, 05:44 AM

If the certificate is signed by a real CA, you can verify its signature chain. E.g. https://www.linuxquestions.org/quest...-chain-929960/.

A few suggestions of checking a private/public keypair (which is not the same as just the private key): https://stackoverflow.com/questions/...te-dsa-keypair

lelunicu · 01-17-2020, 07:30 AM

if my certificate is signed by an intermediate certificate and this by an CA then when my certificate is verified then is verified in chain the intermediate certificate and CA certificate?

berndbausch · 01-17-2020, 07:45 AM

You can check your CA's certificate against the next higher certificate, and so on.

Perhaps it's also possible to copy the entire CA trust chain into one file and check that. Try it

lelunicu · 01-17-2020, 08:36 AM

when is using an certificate then all the upper certificates until CA root certificate are checked authomatically by the application?

sevendogsbsd · 01-17-2020, 08:45 AM

Depends on the application. For a browser, yes, normally. I don't understand your original question OP - are you worried about file corruption or what?

lelunicu · 01-17-2020, 09:19 AM

just asked because if a certificate is corrupted maybe the tls channel will not be setup thus no data will travel encrypted over this channelright?

sevendogsbsd · 01-17-2020, 09:53 AM

If a certificate is corrupted, you would probably either not be able to install it or the web server would not start, if it is a web server certificate.

lelunicu · 01-20-2020, 03:17 AM

the web server before starting verify the certificates?
CA signature is inside the intermediate certificate.right?