How to verify SSL certificates on the command line?

Better Stack Team
Updated on October 5, 2023

To validate an SSL certificate you can use one of the following approaches, depending on the type of the certificate.

PEM format certificate

If you want to validate the PEM format certificate, run the following command:

openssl verify cert.pem

CA bundle

If your CA bundle is a file containing additional intermediate certificates in the PEM format, you can use the following command:

openssl verify -untrusted ca-bundle cert.pem

If your openssl isn't set up to automatically use an installed set of root certificates (e.g. in /etc/ssl/certs), you can use CApath or CAfile to specify the CA.

Make your mark

Join the writer's program

Are you a developer and love writing and sharing your knowledge with the world? Join our guest writing program and get paid for writing amazing technical guides. We'll get them to the right readers that will appreciate them.

Write for us
Writer of the month
Marin Bezhanov
Marin is a software engineer and architect with a broad range of experience working...
Build on top of Better Stack

Write a script, app or project on top of Better Stack and share it with the world. Make a public repository and share it with us at our email.

or submit a pull request and help us build better products for everyone.

See the full list of amazing projects on github