Find if a certificate is self signed or CA signed

java openssl ssl-certificate pki
Nishan picture Nishan · Apr 25, 2012 · Viewed 40.5k times · Source

I have a web app, which allows user to upload pkcs12. I store the pkcs12 as binary in database. Is there any way for me to know if the certificate in the pkcs12 is self signed or CA signed?

I am running a Java web app on tomcat and have openssl at my disposal.

Answer

NitinB picture NitinB · Jan 25, 2013

Following email thread precisely tells the right way to verify if the base64 encoded certificate (i.e. PEM) is self signed or not: http://marc.info/?l=openssl-users&m=116177485311662&w=4

Following is the code snippet:

openssl verify -CAfile self_signed_cert.pem self_signed_cert.pem

should return:

self_signed_cert.pem: OK

OR compare the issuer and subject. If they are same, it is self signed

openssl x509 -in cert.pem -inform PEM -noout -subject -issuer

Related questions

Converting a Java Keystore into PEM Format

I am trying to convert from a Java keystore file into a PEM file using keytool and openssl applicactions. But I could not find a good way to do the conversion. Any ideas? Instead of converting the keystore directly into …

Read More
How to read .pem file to get private and public key

I am writing a small piece of code which reads public and private key stored in .pem file. I am using the following commands to generate the keys. Below command to generate pair of key. $openssl genrsa -out mykey.pem 2048 …

Read More
Load RSA public key from file

I've generated a private key with: openssl genrsa [-out file] –des3 After this I've generated a public key with: openssl rsa –pubout -in private.key [-out file] I want to sign some messages with my private key, and verify some …

Read More