Once you have a certificate, either a self-signed one or one signed by a third-party Certificate Authority (CA), you may want to view the contents of the certificate. If you simply look at the file with a text editor, you will only see a block of PEM-encoded text such as this: -----BEGIN CERTIFICATE----- MIID1zCCA0CgAwIBAgIJAPznkOa+zeeLMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG A1UEChMETkNTQTEjMCEGA1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24x GjAYBgNVBAMTEXd3dy5uY3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290 QG5jYXMudWl1Yy5lZHUwHhcNMDYwMzAxMTkzMDMxWhcNMDcwMzAxMTkzMDMxWjCB pDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMQ8wDQYDVQQHEwZVcmJh bmExDTALBgNVBAoTBE5DU0ExIzAhBgNVBAsTGlNlY3VyaXR5IFJlc2VhcmNoIERp dmlzaW9uMRowGAYDVQQDExF3d3cubmNzYS51aXVjLmVkdTEhMB8GCSqGSIb3DQEJ ARYScm9vdEBuY2FzLnVpdWMuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQCy8/9Afil4C+wvFdm2p7w6sQsZolXJQ1J07VDySCoguXCi6sCR/AyJEr9E6jP3 50FsgFoMn4d0qhkBb6JwczJtJRPphZIvXTi0rrOzZpe0yTF17NWcc5XXn9M8MbR2 jS97pjJ2AyclvOgGN/nYIdEpBfGKJ0cLQr50rBEAu+GScQIDAQABo4IBDTCCAQkw HQYDVR0OBBYEFA9U2p42HR64xIK3uK9TqsuBYkorMIHZBgNVHSMEgdEwgc6AFA9U 2p42HR64xIK3uK9TqsuBYkoroYGqpIGnMIGkMQswCQYDVQQGEwJVUzERMA8GA1UE CBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEjMCEG A1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24xGjAYBgNVBAMTEXd3dy5u Y3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290QG5jYXMudWl1Yy5lZHWC CQD855Dmvs3nizAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAfq52g4 oMVFtzp52pMZevxov9HyJNpuWHOP7y7WHmuYzigDy5vOqJgPki3w3hkdprIKKIb5 7UPwfEZxrW4WwklWllcYV2/00ytZ9tf5GreGhM+AGKOZzv+fDQBtzLr4T4TOjpQO HtceiR1JeNNVHL+Y53cXbP6qKh0TYn8xVQH3 -----END CERTIFICATE----- If you want to see the actual entries for this file, you can view the contents as text. Here's is a typical openssl command and the resulting output: > openssl x509 -text -noout -in hostcert.pem Certificate: Data: Version: 3 (0x2) Serial Number: fc:e7:90:e6:be:cd:e7:8b Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division, CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu Validity Not Before: Mar 1 19:30:31 2006 GMT Not After : Mar 1 19:30:31 2007 GMT Subject: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division, CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b2:f3:ff:40:7e:29:78:0b:ec:2f:15:d9:b6:a7: bc:3a:b1:0b:19:a2:55:c9:43:52:74:ed:50:f2:48: 2a:20:b9:70:a2:ea:c0:91:fc:0c:89:12:bf:44:ea: 33:f7:e7:41:6c:80:5a:0c:9f:87:74:aa:19:01:6f: a2:70:73:32:6d:25:13:e9:85:92:2f:5d:38:b4:ae: b3:b3:66:97:b4:c9:31:75:ec:d5:9c:73:95:d7:9f: d3:3c:31:b4:76:8d:2f:7b:a6:32:76:03:27:25:bc: e8:06:37:f9:d8:21:d1:29:05:f1:8a:27:47:0b:42: be:74:ac:11:00:bb:e1:92:71 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B X509v3 Authority Key Identifier: keyid:0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B DirName:/C=US/ST=Illinois/L=Urbana/O=NCSA/OU=Security Research Division/ CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu serial:FC:E7:90:E6:BE:CD:E7:8B X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 07:ea:e7:68:38:a0:c5:45:b7:3a:79:da:93:19:7a:fc:68:bf: d1:f2:24:da:6e:58:73:8f:ef:2e:d6:1e:6b:98:ce:28:03:cb: 9b:ce:a8:98:0f:92:2d:f0:de:19:1d:a6:b2:0a:28:86:f9:ed: 43:f0:7c:46:71:ad:6e:16:c2:49:56:96:57:18:57:6f:f4:d3: 2b:59:f6:d7:f9:1a:b7:86:84:cf:80:18:a3:99:ce:ff:9f:0d: 00:6d:cc:ba:f8:4f:84:ce:8e:94:0e:1e:d7:1e:89:1d:49:78: d3:55:1c:bf:98:e7:77:17:6c:fe:aa:2a:1d:13:62:7f:31:55: 01:f7 > Here's an explanation of the command line options: * -text - view the contents of the certificate as plain text. * -noout - do not output the PEM-encoded version of the certificate. * -in hostcert.pem - read in the certificate from the file hostcert.pem.