
Linux command

openssl-verify command

After copying, replace the file names, directories, or parameters as needed.

Common examples

Verify certificate

openssl verify [certificate.crt]

Verify with CA file

openssl verify -CAfile [ca.crt] [certificate.crt]

Verify with CA directory

openssl verify -CApath [/etc/ssl/certs/] [certificate.crt]

Verify certificate chain

openssl verify -CAfile [ca.crt] -untrusted [intermediate.crt] [leaf.crt]

Show verification details

openssl verify -verbose [certificate.crt]

Show the built certificate chain

openssl verify -show_chain -CAfile [ca.crt] [certificate.crt]

Verify with CRL checking

openssl verify -crl_download -crl_check -CAfile [ca.crt] [certificate.crt]

Description

openssl verify verifies certificate chains against trusted CAs. It checks signatures, validity periods, and trust chains, and returns exit status 0 on successful verification.

Parameters

-CAfile _file_
CA certificate file for trusted root certificates.
-CApath _dir_
Directory of CA certificates (hashed filenames).
-CAstore _uri_
URI for trusted CA certificate store.
-untrusted _file_
File containing untrusted intermediate certificates.
-partial_chain
Allow verification to succeed with incomplete chain if any certificate in the chain is trusted.
-verbose
Print extra information about verification operations.
-show_chain
Display information about the certificate chain built during verification.
-x509_strict
Strict X.509 compliance checking (disables non-compliant workarounds).
-attime _timestamp_
Verify at specified time (seconds since epoch) instead of current time.
-no_check_time
Suppress checking validity period of certificates and CRLs.
-purpose _purpose_
Certificate purpose (sslclient, sslserver, smimesign, smimeencrypt, etc.).
-CRLfile _file_
File containing CRLs in PEM format for revocation checking.
-crl_download
Attempt to download CRL information for certificates.
-crl_check
Check end entity certificate against CRL.
-crl_check_all
Check all certificates in chain against CRL.
-check_ss_sig
Verify the signature on the self-signed root CA (disabled by default).
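
The script below is an added example, not part of the original page or the OpenSSL project. It builds a constructed root, intermediate and leaf certificate and shows how the exit status of `openssl verify` changes with `-untrusted` and `-partial_chain`. The file names follow the placeholders used above; the subject names, `demo.cnf` and the helper functions are assumptions.

```shell
#!/bin/sh
# Added example. Builds a constructed root -> intermediate -> leaf chain
# (all names are made up) and records how `openssl verify` exits in four cases.

issue_cert() {   # $1 dir, $2 new cert name, $3 CN, $4 issuer name, $5 ext section, $6 serial
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
        -set_serial "$6" -extfile "$1/demo.cnf" -extensions "$5" -days 30 \
        -out "$1/$2.crt" 2>/dev/null
}

build_demo_chain() {   # $1 = empty working directory
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/demo.cnf" -extensions v3_ca \
        -subj "/CN=Demo Root CA" -days 30 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    issue_cert "$1" intermediate "Demo Intermediate CA" ca v3_ca 1001 &&
    issue_cert "$1" leaf "leaf.example.test" intermediate v3_leaf 1002
}

# Root trusted, intermediate supplied as untrusted: the chain completes.
verify_full_chain()    { openssl verify -CAfile "$1/ca.crt" -untrusted "$1/intermediate.crt" "$1/leaf.crt"; }
# Root trusted, intermediate missing: no path from the leaf to a trust anchor.
verify_missing_link()  { openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt"; }
# Only the intermediate trusted: rejected, the chain does not end at a self-signed root.
verify_int_anchor()    { openssl verify -CAfile "$1/intermediate.crt" "$1/leaf.crt"; }
# Same trust store with -partial_chain: accepted, the intermediate acts as the anchor.
verify_partial_chain() { openssl verify -partial_chain -CAfile "$1/intermediate.crt" "$1/leaf.crt"; }

demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
build_demo_chain "$demo_dir" || { echo "chain setup failed" >&2; exit 1; }
for check in verify_full_chain verify_missing_link verify_int_anchor verify_partial_chain; do
    if "$check" "$demo_dir" >/dev/null 2>&1; then echo "$check: exit 0 (accepted)"
    else echo "$check: exit $? (rejected)"; fi
done
```

With `-partial_chain`, every certificate in the trusted file or directory becomes a sufficient anchor, so keep that store limited to certificates you intend to trust directly. In scripts, branch on the exit status as done here.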

FAQ

What is the openssl-verify command used for?

openssl verify verifies certificate chains against trusted CAs. It checks signatures, validity periods, and trust chains, and returns exit status 0 on successful verification.

How do I run a basic openssl-verify example?

Run `openssl verify [certificate.crt]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -CAfile _file_ do in openssl-verify?

CA certificate file for trusted root certificates.