How to Check the Certificate Type?


Check if a certificate is self-signed

openssl x509 -in cert.pem -text -noout

Look for: If the Issuer and Subject fields are the same, the certificate is self-signed.

Check if it’s CA-signed

openssl x509 -in cert.pem -text -noout | grep Issuer

Look for: If the Issuer field contains a well-known CA (e.g., DigiCert, Let's Encrypt), it's CA-signed.

Check Certificate Chain (Intermediate CA)

openssl s_client -connect server:port -showcerts

Look for: Multiple certificates being displayed. The Intermediate certificates appear before the root CA in the chain.

  Last updated