Hello, > I'm working on an application that recieves an x509 certificate along > with a request. I want to confirm that the certificate has not been > altered (perhaps to change the "not_after" time). > > Does the following command give this confirmation: > > $ openssl verify -CAfile trusted.cert test.cert Yes, this command performs default certificate verification based on CA certificate. This means that digital signature is checked (which proofs that certificate is not altered) and next some certificate fields are verified (like certificate valid time range).
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
