How to verify SSL certificates on the command line?

Better Stack Team
Updated on May 4, 2022

To validate an SSL certificate you can use one of the following approaches, depending on the type of the certificate.

PEM format certificate

If you want to validate the PEM format certificate, run the following command:

openssl verify cert.pem

CA bundle

If your CA bundle is a file containing additional intermediate certificates in the PEM format, you can use the following command:

openssl verify -untrusted ca-bundle cert.pem

If your openssl isn't set up to automatically use an installed set of root certificates (e.g. in /etc/ssl/certs), you can use CApath or CAfile to specify the CA.

Got an article suggestion? Let us know
Explore more
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

We are hiring.

Software is our way of making the world a tiny bit better. We build tools for the makers of tomorrow.

Explore all positions →

Reliability is the
ultimate feature

Delightful observability tools that turn your logs & monitoring into a secret weapon for shipping better software faster.

Explore Better Stack