validating X.509 certificate on linux

Question

I have just started working with X.509 certificates. Can any one tell me how to go about validating a certificate on linux? The use case is that my app had downloaded a cert

Answer 1

OCSP is a protocol to check revocation of certificates. Openssl provides certificate chain validation and signature verification APIs. It requires some amount of coding. So i would suggest you to look into Openssl Documentation.

You have to pass the certificate chain and validate it until you reach a root certificate which should be already saved on your machine. This is self signed certificate issued by entities called Root CAs(Certificate authority)

Apart from OCSP there is a outdated method where you have to fetch revocation list namely CRLs and parse that list for the certificate id.

EDIT: I forgot to mention the openssl command line utility which does the same functionality.