indexes:view_the_contents_of_a_certificate
Once you have a certificate, either a self-signed one or one signed by a third-party Certificate Authority (CA), you may want to view the contents of the certificate. If you simply look at the file with a text editor, you will only see a block of PEM-encoded text such as this:
-----BEGIN CERTIFICATE-----
MIID1zCCA0CgAwIBAgIJAPznkOa+zeeLMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD
VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG
A1UEChMETkNTQTEjMCEGA1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24x
GjAYBgNVBAMTEXd3dy5uY3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290
QG5jYXMudWl1Yy5lZHUwHhcNMDYwMzAxMTkzMDMxWhcNMDcwMzAxMTkzMDMxWjCB
pDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMQ8wDQYDVQQHEwZVcmJh
bmExDTALBgNVBAoTBE5DU0ExIzAhBgNVBAsTGlNlY3VyaXR5IFJlc2VhcmNoIERp
dmlzaW9uMRowGAYDVQQDExF3d3cubmNzYS51aXVjLmVkdTEhMB8GCSqGSIb3DQEJ
ARYScm9vdEBuY2FzLnVpdWMuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCy8/9Afil4C+wvFdm2p7w6sQsZolXJQ1J07VDySCoguXCi6sCR/AyJEr9E6jP3
50FsgFoMn4d0qhkBb6JwczJtJRPphZIvXTi0rrOzZpe0yTF17NWcc5XXn9M8MbR2
jS97pjJ2AyclvOgGN/nYIdEpBfGKJ0cLQr50rBEAu+GScQIDAQABo4IBDTCCAQkw
HQYDVR0OBBYEFA9U2p42HR64xIK3uK9TqsuBYkorMIHZBgNVHSMEgdEwgc6AFA9U
2p42HR64xIK3uK9TqsuBYkoroYGqpIGnMIGkMQswCQYDVQQGEwJVUzERMA8GA1UE
CBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEjMCEG
A1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24xGjAYBgNVBAMTEXd3dy5u
Y3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290QG5jYXMudWl1Yy5lZHWC
CQD855Dmvs3nizAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAfq52g4
oMVFtzp52pMZevxov9HyJNpuWHOP7y7WHmuYzigDy5vOqJgPki3w3hkdprIKKIb5
7UPwfEZxrW4WwklWllcYV2/00ytZ9tf5GreGhM+AGKOZzv+fDQBtzLr4T4TOjpQO
HtceiR1JeNNVHL+Y53cXbP6qKh0TYn8xVQH3
-----END CERTIFICATE-----
If you want to see the actual entries for this file, you can view the contents as text. Here's is a typical openssl command and the resulting output:
> openssl x509 -text -noout -in hostcert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fc:e7:90:e6:be:cd:e7:8b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division,
CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
Validity
Not Before: Mar 1 19:30:31 2006 GMT
Not After : Mar 1 19:30:31 2007 GMT
Subject: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division,
CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b2:f3:ff:40:7e:29:78:0b:ec:2f:15:d9:b6:a7:
bc:3a:b1:0b:19:a2:55:c9:43:52:74:ed:50:f2:48:
2a:20:b9:70:a2:ea:c0:91:fc:0c:89:12:bf:44:ea:
33:f7:e7:41:6c:80:5a:0c:9f:87:74:aa:19:01:6f:
a2:70:73:32:6d:25:13:e9:85:92:2f:5d:38:b4:ae:
b3:b3:66:97:b4:c9:31:75:ec:d5:9c:73:95:d7:9f:
d3:3c:31:b4:76:8d:2f:7b:a6:32:76:03:27:25:bc:
e8:06:37:f9:d8:21:d1:29:05:f1:8a:27:47:0b:42:
be:74:ac:11:00:bb:e1:92:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B
X509v3 Authority Key Identifier:
keyid:0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B
DirName:/C=US/ST=Illinois/L=Urbana/O=NCSA/OU=Security Research Division/
CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
serial:FC:E7:90:E6:BE:CD:E7:8B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
07:ea:e7:68:38:a0:c5:45:b7:3a:79:da:93:19:7a:fc:68:bf:
d1:f2:24:da:6e:58:73:8f:ef:2e:d6:1e:6b:98:ce:28:03:cb:
9b:ce:a8:98:0f:92:2d:f0:de:19:1d:a6:b2:0a:28:86:f9:ed:
43:f0:7c:46:71:ad:6e:16:c2:49:56:96:57:18:57:6f:f4:d3:
2b:59:f6:d7:f9:1a:b7:86:84:cf:80:18:a3:99:ce:ff:9f:0d:
00:6d:cc:ba:f8:4f:84:ce:8e:94:0e:1e:d7:1e:89:1d:49:78:
d3:55:1c:bf:98:e7:77:17:6c:fe:aa:2a:1d:13:62:7f:31:55:
01:f7
>
Here's an explanation of the command line options:
- -text - view the contents of the certificate as plain text.
- -noout - do not output the PEM-encoded version of the certificate.
- -in hostcert.pem - read in the certificate from the file hostcert.pem.
indexes/view_the_contents_of_a_certificate.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1