Where is my OpenSSL certificate?

Hi, I need help!

I'm using the latest version of Ubuntu (14.04). I have just installed the OpenSSL 1.1f-1ubuntu3.6 package. I can see the cert.pem file in /etc/ssl/certs/ca-certificates.crt, but where is my actual certificate? It's not in the ca-certificates.crt or the certificate files.

I am trying to send a message over HTTPS using Python 3.4, and the following error message is returned: SSL: CERTIFICATEVERIFYFAILED. This is my first time working with Python 3.4 and OpenSSL. My research has led me to believe that my certificates are not being recognized by Python. Am I doing something wrong, or is there a different way to verify my SSL certificate?

The output from the python interpreter gives a more detailed description of the problem. I've used openssl for years on Ubuntu, and on several other distros. I was surprised that this problem was fixed in Ubuntu 14.04) I did a 'apt-cache search' for ca-certificates, and found that 'ca-certificates-java' had been added to my package list. I then ran 'apt-get install ca-certificates-java' and it seemed to work ok. I don't think I installed 'ca-certificates' before.

This may be of interest to others that are having problems with the Python SSL module: thanks for the tip, I've followed your instructions and it worked! Now, how to install the cert on my server, ie the host that I am connecting to? I can't find a way to add it to the Apache server, or to add it to the Python's default cert store. Thanks! Ok, I found the problem. I had an old ssl.cfg file from the days when I installed python with the command "python -m easyinstall ssl" and that had some settings in it that were messing things up. When I copied that old file to the new install, I was back to square one.

How do I check certificates?

for malware or any other thing?

How do I find out the domain owner and if it is legit? There are two ways you can look into it: Search on Google: Try to search for them with a simple search engine such as google.com, if it is legitimate they are bound to appear in the SERP (Search Engine Results Page).

If not, then they don't really care about ranking high enough. So it is more advisable to check them in trusted sources such as the official site of the cert, where it tells who is the domain owner and what are the contact info of the owner.

When using SSL, the domain owner should have both the name and phone number of the Certificate Authority which issued the certificate. Also, the website and contact info (phone, fax, email address) of the CA must also be published and made available by the website.

Look inside the certificate itself: The first and easiest way to check for suspicious certificates is to manually decode it and review it: Decode the certificate in your browsers like Internet Explorer or. Chromium. In Chrome, from the address bar type chrome:// and hit enter Once opened, drag the certificate from the certificate viewer to a. Text editor and paste to get the details. This will not allow you to see the certificate signature. Check the details of the domain name at ICANN.org The WHOIS web-based lookup for verifying ownership of a domain, but. It cannot be considered a foolproof method. If you need to view the full certificate chain, use this tool - it is not a browser plug-in but it can help you look up a certificate in details. However, due to a change in how Firefox handles self-signed certificates; see Mozilla's description of this change. To avoid potential surprises, it is recommended to use a more comprehensive tool such as WPSec or OpenSSL (which also has an extension for FireFox), rather than relying solely on the browser GUI for decryption.