(Note: This requires OpenSSL version 0.9.8a or higher.) You may want to find out what Certificate Authority (CA) signed a particular certificate. OpenSSL terms this CA as the “issuer”. You can view the issuer of a certificate, and you can also view the hash of the issuer. The hash is useful if you have named your certificates with their hash value. You could then quickly match the issuer hash with the certificate hash file name. Here's an openssl command to output this information:
> openssl x509 -in cert.pem -noout -issuer -issuer_hash issuer= /C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddressfirstname.lastname@example.org be7cee67 >
Here's an explanation of the command line options:
Note that this command only gives you the entity that signed this certificate. It does NOT give you the root CA, since a certificate chain can contain many entities. To get to the root CA, you have to keep running this command on the “issuer” until you find a self-signed certificate (i.e. the “issuer” equals the “subject”).