Internet Draft Signatures
OpenSSL can be used to validate the digital signatures on signed Internet-Drafts. Once you have installed OpenSSL, the Comodo root certificate is needed. It can be downloaded from this page, or you can extract it from your own trusted root store and convert it to the needed PEM format using the following command:
openssl x509 -in comodo.cer -inform DER -out comodo.pem
The digital signature is stored in a file with the same name as the Internet-Draft followed by a .p7s file extension. For example:
Once you have the comodo.pem file, the Internet-Draft, and the companion signature file, the following OpenSSL command can be used to validate the digital signature:
openssl cms -verify -CAfile comodo.pem -content <id-file-name> -inform DER \
-in <sig-file-name> -out /dev/null
You can download a copy of the Comodo root certificate from here.
You can download a copy of the Comodo root certificate in PEM format from here.