# How to verify SSL certificates on the command line?

To validate an SSL certificate you can use one of the following approaches,
depending on the type of the certificate.

## PEM format certificate

If you want to validate the PEM format certificate, run the following command:

```bash
openssl verify cert.pem
```

## CA bundle

If your CA bundle is a file containing additional intermediate certificates in
the PEM format, you can use the following command:

```bash
openssl verify -untrusted ca-bundle cert.pem
```

If your `openssl` isn't set up to automatically use an installed set of root
certificates (e.g. in `/etc/ssl/certs`), you can use `CApath` or `CAfile` to
specify the CA.

[ad-uptime]