12.2 Verifying the Certificates with SHA-2 Signature

  • On the OES server, run the following command against the LDAP server to verify that the certificate is using the SHA-2 signature.

    openssl s_client -connect 192.168.211.21:636 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"

    If the return value is: Signature Algorithm: sha256WithRSAEncryption, then it is a RSA signature being protected by a SHA256 (SHA-2) accompanying hash function.

  • Run the following command to verify the certificate file on the file system.

    openssl x509 -in /etc/opt/novell/certs/SSCert.der -inform der -text -noout