libspdm icon indicating copy to clipboard operation
libspdm copied to clipboard
verified publisher icon DMTF

Is there a script that uses openssl to verify the certificates in the certificate chain or some tool?

Open PrakashK94 opened this issue 1 year ago • 4 comments

PrakashK94 avatar Sep 04 '24 11:09 PrakashK94

openssl verify will verify / validate a certificate chain. I have also thought that https://github.com/DMTF/SPDM-Responder-Validator should have a standalone SPDM certificate chain validation tool, so that folks can validate their certificate chains to the SPDM specification without having to construct a full Responder.

steven-bellock avatar Sep 04 '24 12:09 steven-bellock

Any other tool available? Have you ever verified it using openssl verify tool? Can you share an example?

PrakashK94 avatar Sep 04 '24 17:09 PrakashK94

Any other tool available?

Probably? Most folks use OpenSSL because it's free and comes pre-installed on a lot of Linux distributions.

Can you share an example?

libspdm/unit_test/sample_key/rsa2048>cat ca.cert inter.cert end_responder.cert > chain.cert
libspdm/unit_test/sample_key/rsa2048>openssl verify -CAfile ca.cert chain.cert
chain.cert: OK

steven-bellock avatar Sep 05 '24 22:09 steven-bellock

@PrakashK94 if this answered your question please close the issue.

steven-bellock avatar Sep 09 '24 14:09 steven-bellock