Find if a certificate is self signed or CA signed

Nishan picture Nishan · Apr 25, 2012 · Viewed 40.5k times · Source

I have a web app, which allows user to upload pkcs12. I store the pkcs12 as binary in database. Is there any way for me to know if the certificate in the pkcs12 is self signed or CA signed?

I am running a Java web app on tomcat and have openssl at my disposal.

Answer

NitinB picture NitinB · Jan 25, 2013

Following email thread precisely tells the right way to verify if the base64 encoded certificate (i.e. PEM) is self signed or not: http://marc.info/?l=openssl-users&m=116177485311662&w=4

Following is the code snippet:

openssl verify -CAfile self_signed_cert.pem self_signed_cert.pem

should return:

self_signed_cert.pem: OK

OR compare the issuer and subject. If they are same, it is self signed

openssl x509 -in cert.pem -inform PEM -noout -subject -issuer