OpenSSL – verify OpenSSL certificate using your own CA

For more details see man x509

Print issuer hash of your OpenSSL certificate

echo '' | \
    openssl s_client  -connect ldap.hostname.sk:ldaps -status 2>/dev/null | \
    openssl x509 -noout -issuer_hash

Print all parameters of installed certificate

echo '' |  openssl s_client  -connect ldap.hostname.sk:ldaps -status 2>/dev/null \
    |openssl x509 -text \
    | less

Create symlinks to your certificates

Upload you CA certificates into ssl/ directory and then create symbolic links $issuer_hash.0 –> ca-root.crt:

cd ssl
for i in *.crt; do \
    echo ln -s $i `openssl x509 -noout -issuer_hash -in $i`.0; \
done
c_rehash . # standard OpenSSL command, see https://www.openssl.org/docs/apps/c_rehash.html