Lnxgeek.org Wiki - Freedom of choice, I choose Freedom

User Tools

Site Tools

You are here: start » howtos » view_the_contents_of_a_certificate
howtos:view_the_contents_of_a_certificate
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


howtos:view_the_contents_of_a_certificate [02/12/2018 21:34] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +Once you have a certificate, either a self-signed one or one signed by a third-party Certificate Authority (CA), you may want to view the contents of the certificate. If you simply look at the file with a text editor, you will only see a block of PEM-encoded text such as this:
 +<file>
 +    -----BEGIN CERTIFICATE-----
 +    MIID1zCCA0CgAwIBAgIJAPznkOa+zeeLMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD
 +    VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG
 +    A1UEChMETkNTQTEjMCEGA1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24x
 +    GjAYBgNVBAMTEXd3dy5uY3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290
 +    QG5jYXMudWl1Yy5lZHUwHhcNMDYwMzAxMTkzMDMxWhcNMDcwMzAxMTkzMDMxWjCB
 +    pDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMQ8wDQYDVQQHEwZVcmJh
 +    bmExDTALBgNVBAoTBE5DU0ExIzAhBgNVBAsTGlNlY3VyaXR5IFJlc2VhcmNoIERp
 +    dmlzaW9uMRowGAYDVQQDExF3d3cubmNzYS51aXVjLmVkdTEhMB8GCSqGSIb3DQEJ
 +    ARYScm9vdEBuY2FzLnVpdWMuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
 +    gQCy8/9Afil4C+wvFdm2p7w6sQsZolXJQ1J07VDySCoguXCi6sCR/AyJEr9E6jP3
 +    50FsgFoMn4d0qhkBb6JwczJtJRPphZIvXTi0rrOzZpe0yTF17NWcc5XXn9M8MbR2
 +    jS97pjJ2AyclvOgGN/nYIdEpBfGKJ0cLQr50rBEAu+GScQIDAQABo4IBDTCCAQkw
 +    HQYDVR0OBBYEFA9U2p42HR64xIK3uK9TqsuBYkorMIHZBgNVHSMEgdEwgc6AFA9U
 +    2p42HR64xIK3uK9TqsuBYkoroYGqpIGnMIGkMQswCQYDVQQGEwJVUzERMA8GA1UE
 +    CBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEjMCEG
 +    A1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24xGjAYBgNVBAMTEXd3dy5u
 +    Y3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290QG5jYXMudWl1Yy5lZHWC
 +    CQD855Dmvs3nizAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAfq52g4
 +    oMVFtzp52pMZevxov9HyJNpuWHOP7y7WHmuYzigDy5vOqJgPki3w3hkdprIKKIb5
 +    7UPwfEZxrW4WwklWllcYV2/00ytZ9tf5GreGhM+AGKOZzv+fDQBtzLr4T4TOjpQO
 +    HtceiR1JeNNVHL+Y53cXbP6qKh0TYn8xVQH3
 +    -----END CERTIFICATE-----
 +</file>
 +
 +If you want to see the actual entries for this file, you can view the contents as text. Here's is a typical openssl command and the resulting output:
 +
 +    > openssl x509 -text -noout -in hostcert.pem
 +    Certificate:
 +        Data:
 +            Version: 3 (0x2)
 +            Serial Number:
 +                fc:e7:90:e6:be:cd:e7:8b
 +            Signature Algorithm: sha1WithRSAEncryption
 +            Issuer: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division, 
 +                    CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
 +            Validity
 +                Not Before: Mar  1 19:30:31 2006 GMT
 +                Not After : Mar  1 19:30:31 2007 GMT
 +            Subject: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division,
 +                     CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
 +            Subject Public Key Info:
 +                Public Key Algorithm: rsaEncryption
 +                RSA Public Key: (1024 bit)
 +                    Modulus (1024 bit):
 +                        00:b2:f3:ff:40:7e:29:78:0b:ec:2f:15:d9:b6:a7:
 +                        bc:3a:b1:0b:19:a2:55:c9:43:52:74:ed:50:f2:48:
 +                        2a:20:b9:70:a2:ea:c0:91:fc:0c:89:12:bf:44:ea:
 +                        33:f7:e7:41:6c:80:5a:0c:9f:87:74:aa:19:01:6f:
 +                        a2:70:73:32:6d:25:13:e9:85:92:2f:5d:38:b4:ae:
 +                        b3:b3:66:97:b4:c9:31:75:ec:d5:9c:73:95:d7:9f:
 +                        d3:3c:31:b4:76:8d:2f:7b:a6:32:76:03:27:25:bc:
 +                        e8:06:37:f9:d8:21:d1:29:05:f1:8a:27:47:0b:42:
 +                        be:74:ac:11:00:bb:e1:92:71
 +                    Exponent: 65537 (0x10001)
 +            X509v3 extensions:
 +                X509v3 Subject Key Identifier: 
 +                    0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B
 +                X509v3 Authority Key Identifier: 
 +                    keyid:0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B
 +                    DirName:/C=US/ST=Illinois/L=Urbana/O=NCSA/OU=Security Research Division/
 +                            CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
 +                    serial:FC:E7:90:E6:BE:CD:E7:8B
 +                X509v3 Basic Constraints: 
 +                    CA:TRUE
 +        Signature Algorithm: sha1WithRSAEncryption
 +            07:ea:e7:68:38:a0:c5:45:b7:3a:79:da:93:19:7a:fc:68:bf:
 +            d1:f2:24:da:6e:58:73:8f:ef:2e:d6:1e:6b:98:ce:28:03:cb:
 +            9b:ce:a8:98:0f:92:2d:f0:de:19:1d:a6:b2:0a:28:86:f9:ed:
 +            43:f0:7c:46:71:ad:6e:16:c2:49:56:96:57:18:57:6f:f4:d3:
 +            2b:59:f6:d7:f9:1a:b7:86:84:cf:80:18:a3:99:ce:ff:9f:0d:
 +            00:6d:cc:ba:f8:4f:84:ce:8e:94:0e:1e:d7:1e:89:1d:49:78:
 +            d3:55:1c:bf:98:e7:77:17:6c:fe:aa:2a:1d:13:62:7f:31:55:
 +            01:f7
 +    >
 +
 +Here's an explanation of the command line options:
 +
 +    * -text - view the contents of the certificate as plain text.
 +    * -noout - do not output the PEM-encoded version of the certificate.
 +    * -in hostcert.pem - read in the certificate from the file hostcert.pem.
 +
 +
  
howtos/view_the_contents_of_a_certificate.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1