5 verify - Utility to verify certificates.
10 [B<-CApath directory>]
35 The B<verify> command verifies certificate chains.
37 =head1 COMMAND OPTIONS
41 =item B<-CApath directory>
43 A directory of trusted certificates. The certificates should have names
44 of the form: hash.0 or have symbolic links to them of this
45 form ("hash" is the hashed certificate subject name: see the B<-hash> option
46 of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
47 create symbolic links to a directory of certificates.
51 A file of trusted certificates. The file should contain multiple certificates
52 in PEM format concatenated together.
54 =item B<-untrusted file>
56 A file of untrusted certificates. The file should contain multiple certificates
58 =item B<-purpose purpose>
60 the intended use for the certificate. Without this option no chain verification
61 will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
62 B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
63 section for more information.
67 prints out a usage message.
71 print extra information about the operations being performed.
73 =item B<-issuer_checks>
75 print out diagnostics relating to searches for the issuer certificate
76 of the current certificate. This shows why each candidate issuer
77 certificate was rejected. However the presence of rejection messages
78 does not itself imply that anything is wrong: during the normal
79 verify process several rejections may take place.
83 Enable policy processing and add B<arg> to the user-initial-policy-set
84 (see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric
85 form. This argument can appear more than once.
87 =item B<-policy_check>
89 Enables certificate policy processing.
91 =item B<-explicit_policy>
93 Set policy variable require-explicit-policy (see RFC3280 et al).
97 Set policy variable inhibit-any-policy (see RFC3280 et al).
101 Set policy variable inhibit-policy-mapping (see RFC3280 et al).
103 =item B<-policy_print>
105 Print out diagnostics, related to policy checking
109 Checks end entity certificate validity by attempting to lookup a valid CRL.
110 If a valid CRL cannot be found an error occurs.
112 =item B<-crl_check_all>
114 Checks the validity of B<all> certificates in the chain by attempting
115 to lookup valid CRLs.
117 =item B<-ignore_critical>
119 Normally if an unhandled critical extension is present which is not
120 supported by OpenSSL the certificate is rejected (as required by
121 RFC3280 et al). If this option is set critical extensions are
124 =item B<-x509_strict>
126 Disable workarounds for broken certificates which have to be disabled
127 for strict X.509 compliance.
129 =item B<-extended_crl>
131 Enable extended CRL features such as indirect CRLs and alternate CRL
136 Enable support for delta CRLs.
140 marks the last option. All arguments following this are assumed to be
141 certificate files. This is useful if the first certificate filename begins
144 =item B<certificates>
146 one or more certificates to verify. If no certificate filenames are included
147 then an attempt is made to read a certificate from standard input. They should
148 all be in PEM format.
153 =head1 VERIFY OPERATION
155 The B<verify> program uses the same functions as the internal SSL and S/MIME
156 verification, therefore this description applies to these verify operations
159 There is one crucial difference between the verify operations performed
160 by the B<verify> program: wherever possible an attempt is made to continue
161 after an error whereas normally the verify operation would halt on the
162 first error. This allows all the problems with a certificate chain to be
165 The verify operation consists of a number of separate steps.
167 Firstly a certificate chain is built up starting from the supplied certificate
168 and ending in the root CA. It is an error if the whole chain cannot be built
169 up. The chain is built up by looking up the issuers certificate of the current
170 certificate. If a certificate is found which is its own issuer it is assumed
173 The process of 'looking up the issuers certificate' itself involves a number
174 of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
175 subject name matched the issuer of the current certificate was assumed to be
176 the issuers certificate. In OpenSSL 0.9.6 and later all certificates
177 whose subject name matches the issuer name of the current certificate are
178 subject to further tests. The relevant authority key identifier components
179 of the current certificate (if present) must match the subject key identifier
180 (if present) and issuer and serial number of the candidate issuer, in addition
181 the keyUsage extension of the candidate issuer (if present) must permit
184 The lookup first looks in the list of untrusted certificates and if no match
185 is found the remaining lookups are from the trusted certificates. The root CA
186 is always looked up in the trusted certificate list: if the certificate to
187 verify is a root certificate then an exact match must be found in the trusted
190 The second operation is to check every untrusted certificate's extensions for
191 consistency with the supplied purpose. If the B<-purpose> option is not included
192 then no checks are done. The supplied or "leaf" certificate must have extensions
193 compatible with the supplied purpose and all other certificates must also be valid
194 CA certificates. The precise extensions required are described in more detail in
195 the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
197 The third operation is to check the trust settings on the root CA. The root
198 CA should be trusted for the supplied purpose. For compatibility with previous
199 versions of SSLeay and OpenSSL a certificate with no trust settings is considered
200 to be valid for all purposes.
202 The final operation is to check the validity of the certificate chain. The validity
203 period is checked against the current system time and the notBefore and notAfter
204 dates in the certificate. The certificate signatures are also checked at this
207 If all operations complete successfully then certificate is considered valid. If
208 any operation fails then the certificate is not valid.
212 When a verify operation fails the output messages can be somewhat cryptic. The
213 general form of the error message is:
215 server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
216 error 24 at 1 depth lookup:invalid CA certificate
218 The first line contains the name of the certificate being verified followed by
219 the subject name of the certificate. The second line contains the error number
220 and the depth. The depth is number of the certificate being verified when a
221 problem was detected starting with zero for the certificate being verified itself
222 then 1 for the CA that signed the certificate and so on. Finally a text version
223 of the error number is presented.
225 An exhaustive list of the error codes and messages is shown below, this also
226 includes the name of the error code as defined in the header file x509_vfy.h
227 Some of the error codes are defined but never returned: these are described
232 =item B<0 X509_V_OK: ok>
234 the operation was successful.
236 =item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
238 the issuer certificate could not be found: this occurs if the issuer certificate
239 of an untrusted certificate cannot be found.
241 =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
243 the CRL of a certificate could not be found.
245 =item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
247 the certificate signature could not be decrypted. This means that the actual signature value
248 could not be determined rather than it not matching the expected value, this is only
249 meaningful for RSA keys.
251 =item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
253 the CRL signature could not be decrypted: this means that the actual signature value
254 could not be determined rather than it not matching the expected value. Unused.
256 =item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
258 the public key in the certificate SubjectPublicKeyInfo could not be read.
260 =item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
262 the signature of the certificate is invalid.
264 =item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
266 the signature of the certificate is invalid.
268 =item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
270 the certificate is not yet valid: the notBefore date is after the current time.
272 =item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
274 the certificate has expired: that is the notAfter date is before the current time.
276 =item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
278 the CRL is not yet valid.
280 =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
284 =item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
286 the certificate notBefore field contains an invalid time.
288 =item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
290 the certificate notAfter field contains an invalid time.
292 =item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
294 the CRL lastUpdate field contains an invalid time.
296 =item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
298 the CRL nextUpdate field contains an invalid time.
300 =item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
302 an error occurred trying to allocate memory. This should never happen.
304 =item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
306 the passed certificate is self signed and the same certificate cannot be found in the list of
307 trusted certificates.
309 =item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
311 the certificate chain could be built up using the untrusted certificates but the root could not
314 =item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
316 the issuer certificate of a locally looked up certificate could not be found. This normally means
317 the list of trusted certificates is not complete.
319 =item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
321 no signatures could be verified because the chain contains only one certificate and it is not
324 =item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
326 the certificate chain length is greater than the supplied maximum depth. Unused.
328 =item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
330 the certificate has been revoked.
332 =item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
334 a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
335 with the supplied purpose.
337 =item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
339 the basicConstraints pathlength parameter has been exceeded.
341 =item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
343 the supplied certificate cannot be used for the specified purpose.
345 =item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
347 the root CA is not marked as trusted for the specified purpose.
349 =item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
351 the root CA is marked to reject the specified purpose.
353 =item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
355 the current candidate issuer certificate was rejected because its subject name
356 did not match the issuer name of the current certificate. Only displayed when
357 the B<-issuer_checks> option is set.
359 =item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
361 the current candidate issuer certificate was rejected because its subject key
362 identifier was present and did not match the authority key identifier current
363 certificate. Only displayed when the B<-issuer_checks> option is set.
365 =item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
367 the current candidate issuer certificate was rejected because its issuer name
368 and serial number was present and did not match the authority key identifier
369 of the current certificate. Only displayed when the B<-issuer_checks> option is set.
371 =item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
373 the current candidate issuer certificate was rejected because its keyUsage extension
374 does not permit certificate signing.
376 =item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
378 an application specific error. Unused.
384 Although the issuer checks are a considerably improvement over the old technique they still
385 suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
386 trusted certificates with matching subject name must either appear in a file (as specified by the
387 B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
388 the certificates in the file will be recognised.
390 Previous versions of OpenSSL assume certificates with matching subject name are identical and