Similar to the certificate viewer found in web browsers, only more keyboard friendly.
The flags next to each certificate are:
- s: Self-signed certificate.
- t: In the trust store. The trust store can be set with the --capath and --cafile options.
- v: In the validation path formed by OpenSSL.
- c: In the server's certificate chain.
- ncurses, glibc 2.9+, OpenSSL 1.0.0+.
- Works with Ubuntu 12.04, RHEL 6 okay.
For Ubuntu run:
sudo apt-get install cmake make g++ libncurses5-dev libssl-dev
For RHEL/CentOS run:
sudo yum install cmake gcc-c++ ncurses-devel openssl-devel
Build & test run
cmake . make x509ls/x509ls
sudo make install
- The longest server chain I've found contains some 108 certificates(!). 107 of these certificates are not even required, since the end-entity certificate is self-signed anyway.