To verify an SSL certificate with OpenSSL, you can use the openssl verify command. This command checks the certificate against a trusted certificate authority (CA) and verifies that it is valid.
Here is the basic syntax of the openssl verify command:
openssl verify -CApath <path to CA certificates> <certificate file>
For example, to verify an SSL certificate stored in the file cert.pem, you can use the following command:
openssl verify -CApath /etc/ssl/certs cert.pem
This command will check the certificate against the trusted CA certificates stored in the /etc/ssl/certs directory.
If the certificate is valid, the command will print cert.pem: OK. If there is a problem with the certificate, for example it has expired or the CA is not trusted, the command will print an error message instead.
You can also specify a single CA certificate file to use for verification with the -CAfile option instead of -CApath.
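The following script is an added example, not part of the original text. It builds two throwaway CAs and one leaf certificate, then runs openssl verify with -CAfile and with -CApath to show one passing and one failing case for each. It assumes openssl is on the PATH; the names ca_a, ca_b, leaf and the helper functions are made up for the demonstration.

```shell
#!/bin/sh
# Added example. Every key, certificate and name here is constructed and throwaway.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {    # $1 = basename, $2 = CN; writes a self-signed CA certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = leaf basename, $2 = basename of the issuing CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 1 -CA "$WORK/$2.pem" \
        -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# Success is the "<file>: OK" line described above, so match on that.
verify_cafile() {  # $1 = cert basename, $2 = CA basename
    openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" 2>&1 | grep -q ': OK$'
}
verify_capath() {  # $1 = cert basename, $2 = directory name under $WORK
    openssl verify -CApath "$WORK/$2" "$WORK/$1.pem" 2>&1 | grep -q ': OK$'
}

make_ca ca_a "Demo CA A"
make_ca ca_b "Demo CA B"
make_leaf leaf ca_a

# -CApath looks certificates up by subject-name hash: the file must be <hash>.0
mkdir "$WORK/hashed" "$WORK/plain"
cp "$WORK/ca_a.pem" "$WORK/plain/ca_a.pem"
cp "$WORK/ca_a.pem" "$WORK/hashed/$(openssl x509 -noout -hash -in "$WORK/ca_a.pem").0"

report() { if "$@"; then echo "OK     $*"; else echo "FAILED $*"; fi; }
report verify_cafile leaf ca_a    # issuing CA is trusted
report verify_cafile leaf ca_b    # a different CA: issuer not found
report verify_capath leaf hashed  # directory with hash-named CA file
report verify_capath leaf plain   # same CA under a plain file name: not found
```

The last case is the one to watch for in practice: a CA file copied into a -CApath directory under an arbitrary name is ignored until it is named or linked by its subject hash.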