How to verify certificate using OpenSSL commands in Linux?

messi62

If you manage a website or server, making sure your SSL certificate is valid and configured correctly is a top priority. One way to do this is with OpenSSL, a popular open-source cryptographic utility.

You can use OpenSSL to check the expiration date, issuer, and subject of a certificate. In this article, we will show you how to verify a certificate using OpenSSL commands in Linux. If you are a web developer, system administrator, or just interested in SSL, this tutorial will give you the exact steps and command lines to verify certificates using OpenSSL.

Table of contents

How to check OpenSSL version?
How to view full certificate information
Viewing the SSL certificate itself (encoded)
Check if the key matches the certificate
Check who issued the SSL certificate
Check who the SSL certificate was issued to
Checking the validity of an SSL certificate in Linux
Display all the above information about the SSL certificate
How to check OpenSSL version?
Most Linux systems come with OpenSSL mobile app development service pre-installed, but it's best to make sure you have the latest version that works. You can check your OpenSSL version by running the following command:

Версия openssl -a

Check your OpenSSL version


If you have applied for an SSL certificate and installed it on your server , you should already know its location and file names.

How to view full certificate information
You can use OpenSSL to check the validity of a certificate, its issuer, and its subject individually or in one go. Make sure you have access to the server and an SSH terminal.



OpenSSL provides a rich set of commands for creating, installing, and managing certificates. To check the details of a specific certificate, run the following command:

openssl x509 -in /root/mycertificate.crt -text -noout

Use this OpenSSL command to check the certificate's expiration date, subject, issuer, key data, and signature algorithm. Here's what you should see:

View full certificate information
Viewing the SSL certificate itself (encoded)
OpenSSL allows you to view the SSL certificate in its original encoded format. Run the following command to display it:



View SSL Certificate
Check if the key matches the certificate
To check if the public and private keys match , you need to extract the public key from each file and generate a hash output for it. All three files should have the same public key and the same hash value. Here's how to use OpenSSL to verify certificates and keys.