1VERIFY(1) OpenSSL VERIFY(1)
2
6 verify - Utility to verify certificates.
7
9 openssl verify [-CApath directory] [-CAfile file] [-trusted_first]
10 [-purpose purpose] [-policy arg] [-ignore_critical] [-crl_check]
11 [-crl_check_all] [-policy_check] [-explicit_policy] [-inhibit_any]
12 [-inhibit_map] [-x509_strict] [-extended_crl] [-use_deltas]
13 [-policy_print] [-untrusted file] [-help] [-issuer_checks] [-attime
14 timestamp] [-verbose] [-] [certificates]
15
17 The verify command verifies certificate chains.
18
20 -CApath directory
21 A directory of trusted certificates. The certificates should have
22 names of the form: hash.0 or have symbolic links to them of this
23 form ("hash" is the hashed certificate subject name: see the -hash
24 option of the x509 utility). Under Unix the c_rehash script will
25 automatically create symbolic links to a directory of certificates.
26 -CAfile file
28 A file of trusted certificates. The file should contain multiple
29 certificates in PEM format concatenated together.
30 -untrusted file
32 A file of untrusted certificates. The file should contain multiple
33 certificates in PEM format concatenated together.
34 -trusted_first
36 Use certificates in CA file or CA directory before the certificates
37 in the untrusted file when building the trust chain to verify
38 certificates. This is mainly useful in environments with Bridge CA
39 or Cross-Certified CAs.
40 -purpose purpose
42 The intended use for the certificate. If this option is not
43 specified, verify will not consider certificate purpose during
44 chain verification. Currently accepted uses are sslclient,
45 sslserver, nssslserver, smimesign, smimeencrypt. See the VERIFY
46 OPERATION section for more information.
47 -help
49 Print out a usage message.
50 -verbose
52 Print extra information about the operations being performed.
53 -issuer_checks
55 Print out diagnostics relating to searches for the issuer
56 certificate of the current certificate. This shows why each
57 candidate issuer certificate was rejected. The presence of
58 rejection messages does not itself imply that anything is wrong;
59 during the normal verification process, several rejections may take
60 place.
61 -attime timestamp
63 Perform validation checks using the time specified by timestamp and
64 not the current system time. timestamp is the number of seconds
65 since 01.01.1970 (UNIX time).
66 -policy arg
68 Enable policy processing and add arg to the user-initial-policy-set
69 (see RFC5280). The policy arg can be an object name an OID in
70 numeric form. This argument can appear more than once.
71 -policy_check
73 Enables certificate policy processing.
74 -explicit_policy
76 Set policy variable require-explicit-policy (see RFC5280).
77 -inhibit_any
79 Set policy variable inhibit-any-policy (see RFC5280).
80 -inhibit_map
82 Set policy variable inhibit-policy-mapping (see RFC5280).
83 -policy_print
85 Print out diagnostics related to policy processing.
86 -crl_check
88 Checks end entity certificate validity by attempting to look up a
89 valid CRL. If a valid CRL cannot be found an error occurs.
90 -crl_check_all
92 Checks the validity of all certificates in the chain by attempting
93 to look up valid CRLs.
94 -ignore_critical
96 Normally if an unhandled critical extension is present which is not
97 supported by OpenSSL the certificate is rejected (as required by
98 RFC5280). If this option is set critical extensions are ignored.
99 -x509_strict
101 For strict X.509 compliance, disable non-compliant workarounds for
102 broken certificates.
103 -extended_crl
105 Enable extended CRL features such as indirect CRLs and alternate
106 CRL signing keys.
107 -use_deltas
109 Enable support for delta CRLs.
110 -check_ss_sig
112 Verify the signature on the self-signed root CA. This is disabled
113 by default because it doesn't add any security.
114 - Indicates the last option. All arguments following this are assumed
116 to be certificate files. This is useful if the first certificate
117 filename begins with a -.
118 certificates
120 One or more certificates to verify. If no certificates are given,
121 verify will attempt to read a certificate from standard input.
122 Certificates must be in PEM format.
123
125 The verify program uses the same functions as the internal SSL and
126 S/MIME verification, therefore this description applies to these verify
127 operations too.
128 There is one crucial difference between the verify operations performed
130 by the verify program: wherever possible an attempt is made to continue
131 after an error whereas normally the verify operation would halt on the
132 first error. This allows all the problems with a certificate chain to
133 be determined.
134 The verify operation consists of a number of separate steps.
136 Firstly a certificate chain is built up starting from the supplied
138 certificate and ending in the root CA. It is an error if the whole
139 chain cannot be built up. The chain is built up by looking up the
140 issuers certificate of the current certificate. If a certificate is
141 found which is its own issuer it is assumed to be the root CA.
142 The process of 'looking up the issuers certificate' itself involves a
144 number of steps. In versions of OpenSSL before 0.9.5a the first
145 certificate whose subject name matched the issuer of the current
146 certificate was assumed to be the issuers certificate. In OpenSSL 0.9.6
147 and later all certificates whose subject name matches the issuer name
148 of the current certificate are subject to further tests. The relevant
149 authority key identifier components of the current certificate (if
150 present) must match the subject key identifier (if present) and issuer
151 and serial number of the candidate issuer, in addition the keyUsage
152 extension of the candidate issuer (if present) must permit certificate
153 signing.
154 The lookup first looks in the list of untrusted certificates and if no
156 match is found the remaining lookups are from the trusted certificates.
157 The root CA is always looked up in the trusted certificate list: if the
158 certificate to verify is a root certificate then an exact match must be
159 found in the trusted list.
160 The second operation is to check every untrusted certificate's
162 extensions for consistency with the supplied purpose. If the -purpose
163 option is not included then no checks are done. The supplied or "leaf"
164 certificate must have extensions compatible with the supplied purpose
165 and all other certificates must also be valid CA certificates. The
166 precise extensions required are described in more detail in the
167 CERTIFICATE EXTENSIONS section of the x509 utility.
168 The third operation is to check the trust settings on the root CA. The
170 root CA should be trusted for the supplied purpose. For compatibility
171 with previous versions of SSLeay and OpenSSL a certificate with no
172 trust settings is considered to be valid for all purposes.
173 The final operation is to check the validity of the certificate chain.
175 The validity period is checked against the current system time and the
176 notBefore and notAfter dates in the certificate. The certificate
177 signatures are also checked at this point.
178 If all operations complete successfully then certificate is considered
180 valid. If any operation fails then the certificate is not valid.
181
183 When a verify operation fails the output messages can be somewhat
184 cryptic. The general form of the error message is:
185 server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
187 error 24 at 1 depth lookup:invalid CA certificate
188 The first line contains the name of the certificate being verified
190 followed by the subject name of the certificate. The second line
191 contains the error number and the depth. The depth is number of the
192 certificate being verified when a problem was detected starting with
193 zero for the certificate being verified itself then 1 for the CA that
194 signed the certificate and so on. Finally a text version of the error
195 number is presented.
196 An exhaustive list of the error codes and messages is shown below, this
198 also includes the name of the error code as defined in the header file
199 x509_vfy.h Some of the error codes are defined but never returned:
200 these are described as "unused".
201 0 X509_V_OK: ok
203 the operation was successful.
204 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer
206 certificate
207 the issuer certificate of a looked up certificate could not be
208 found. This normally means the list of trusted certificates is not
209 complete.
210 3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
212 the CRL of a certificate could not be found.
213 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt
215 certificate's signature
216 the certificate signature could not be decrypted. This means that
217 the actual signature value could not be determined rather than it
218 not matching the expected value, this is only meaningful for RSA
219 keys.
220 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's
222 signature
223 the CRL signature could not be decrypted: this means that the
224 actual signature value could not be determined rather than it not
225 matching the expected value. Unused.
226 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode
228 issuer public key
229 the public key in the certificate SubjectPublicKeyInfo could not be
230 read.
231 7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
233 the signature of the certificate is invalid.
234 8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
236 the signature of the certificate is invalid.
237 9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
239 the certificate is not yet valid: the notBefore date is after the
240 current time.
241 10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
243 the certificate has expired: that is the notAfter date is before
244 the current time.
245 11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
247 the CRL is not yet valid.
248 12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
250 the CRL has expired.
251 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in
253 certificate's notBefore field
254 the certificate notBefore field contains an invalid time.
255 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in
257 certificate's notAfter field
258 the certificate notAfter field contains an invalid time.
259 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's
261 lastUpdate field
262 the CRL lastUpdate field contains an invalid time.
263 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's
265 nextUpdate field
266 the CRL nextUpdate field contains an invalid time.
267 17 X509_V_ERR_OUT_OF_MEM: out of memory
269 an error occurred trying to allocate memory. This should never
270 happen.
271 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
273 the passed certificate is self signed and the same certificate
274 cannot be found in the list of trusted certificates.
275 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in
277 certificate chain
278 the certificate chain could be built up using the untrusted
279 certificates but the root could not be found locally.
280 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local
282 issuer certificate
283 the issuer certificate could not be found: this occurs if the
284 issuer certificate of an untrusted certificate cannot be found.
285 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the
287 first certificate
288 no signatures could be verified because the chain contains only one
289 certificate and it is not self signed.
290 22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
292 the certificate chain length is greater than the supplied maximum
293 depth. Unused.
294 23 X509_V_ERR_CERT_REVOKED: certificate revoked
296 the certificate has been revoked.
297 24 X509_V_ERR_INVALID_CA: invalid CA certificate
299 a CA certificate is invalid. Either it is not a CA or its
300 extensions are not consistent with the supplied purpose.
301 25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
303 the basicConstraints pathlength parameter has been exceeded.
304 26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
306 the supplied certificate cannot be used for the specified purpose.
307 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
309 the root CA is not marked as trusted for the specified purpose.
310 28 X509_V_ERR_CERT_REJECTED: certificate rejected
312 the root CA is marked to reject the specified purpose.
313 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
315 the current candidate issuer certificate was rejected because its
316 subject name did not match the issuer name of the current
317 certificate. Only displayed when the -issuer_checks option is set.
318 30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier
320 mismatch
321 the current candidate issuer certificate was rejected because its
322 subject key identifier was present and did not match the authority
323 key identifier current certificate. Only displayed when the
324 -issuer_checks option is set.
325 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial
327 number mismatch
328 the current candidate issuer certificate was rejected because its
329 issuer name and serial number was present and did not match the
330 authority key identifier of the current certificate. Only displayed
331 when the -issuer_checks option is set.
332 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include
334 certificate signing
335 the current candidate issuer certificate was rejected because its
336 keyUsage extension does not permit certificate signing.
337 50 X509_V_ERR_APPLICATION_VERIFICATION: application verification
339 failure
340 an application specific error. Unused.
341
343 Although the issuer checks are a considerably improvement over the old
344 technique they still suffer from limitations in the underlying
345 X509_LOOKUP API. One consequence of this is that trusted certificates
346 with matching subject name must either appear in a file (as specified
347 by the -CAfile option) or a directory (as specified by -CApath. If they
348 occur in both then only the certificates in the file will be
349 recognised.
350 Previous versions of OpenSSL assume certificates with matching subject
352 name are identical and mishandled them.
353 Previous versions of this documentation swapped the meaning of the
355 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and 20
356 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error codes.
357
359 x509(1)
3601.0.1e 2017-03-22 VERIFY(1)