User Tools

Site Tools


howtos:view_the_contents_of_a_certificate

Once you have a certificate, either a self-signed one or one signed by a third-party Certificate Authority (CA), you may want to view the contents of the certificate. If you simply look at the file with a text editor, you will only see a block of PEM-encoded text such as this:

    -----BEGIN CERTIFICATE-----
    MIID1zCCA0CgAwIBAgIJAPznkOa+zeeLMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD
    VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG
    A1UEChMETkNTQTEjMCEGA1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24x
    GjAYBgNVBAMTEXd3dy5uY3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290
    QG5jYXMudWl1Yy5lZHUwHhcNMDYwMzAxMTkzMDMxWhcNMDcwMzAxMTkzMDMxWjCB
    pDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMQ8wDQYDVQQHEwZVcmJh
    bmExDTALBgNVBAoTBE5DU0ExIzAhBgNVBAsTGlNlY3VyaXR5IFJlc2VhcmNoIERp
    dmlzaW9uMRowGAYDVQQDExF3d3cubmNzYS51aXVjLmVkdTEhMB8GCSqGSIb3DQEJ
    ARYScm9vdEBuY2FzLnVpdWMuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
    gQCy8/9Afil4C+wvFdm2p7w6sQsZolXJQ1J07VDySCoguXCi6sCR/AyJEr9E6jP3
    50FsgFoMn4d0qhkBb6JwczJtJRPphZIvXTi0rrOzZpe0yTF17NWcc5XXn9M8MbR2
    jS97pjJ2AyclvOgGN/nYIdEpBfGKJ0cLQr50rBEAu+GScQIDAQABo4IBDTCCAQkw
    HQYDVR0OBBYEFA9U2p42HR64xIK3uK9TqsuBYkorMIHZBgNVHSMEgdEwgc6AFA9U
    2p42HR64xIK3uK9TqsuBYkoroYGqpIGnMIGkMQswCQYDVQQGEwJVUzERMA8GA1UE
    CBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEjMCEG
    A1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24xGjAYBgNVBAMTEXd3dy5u
    Y3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290QG5jYXMudWl1Yy5lZHWC
    CQD855Dmvs3nizAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAfq52g4
    oMVFtzp52pMZevxov9HyJNpuWHOP7y7WHmuYzigDy5vOqJgPki3w3hkdprIKKIb5
    7UPwfEZxrW4WwklWllcYV2/00ytZ9tf5GreGhM+AGKOZzv+fDQBtzLr4T4TOjpQO
    HtceiR1JeNNVHL+Y53cXbP6qKh0TYn8xVQH3
    -----END CERTIFICATE-----

If you want to see the actual entries for this file, you can view the contents as text. Here's is a typical openssl command and the resulting output:

  > openssl x509 -text -noout -in hostcert.pem
  Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number:
              fc:e7:90:e6:be:cd:e7:8b
          Signature Algorithm: sha1WithRSAEncryption
          Issuer: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division, 
                  CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
          Validity
              Not Before: Mar  1 19:30:31 2006 GMT
              Not After : Mar  1 19:30:31 2007 GMT
          Subject: C=US, ST=Illinois, L=Urbana, O=NCSA, OU=Security Research Division,
                   CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
              RSA Public Key: (1024 bit)
                  Modulus (1024 bit):
                      00:b2:f3:ff:40:7e:29:78:0b:ec:2f:15:d9:b6:a7:
                      bc:3a:b1:0b:19:a2:55:c9:43:52:74:ed:50:f2:48:
                      2a:20:b9:70:a2:ea:c0:91:fc:0c:89:12:bf:44:ea:
                      33:f7:e7:41:6c:80:5a:0c:9f:87:74:aa:19:01:6f:
                      a2:70:73:32:6d:25:13:e9:85:92:2f:5d:38:b4:ae:
                      b3:b3:66:97:b4:c9:31:75:ec:d5:9c:73:95:d7:9f:
                      d3:3c:31:b4:76:8d:2f:7b:a6:32:76:03:27:25:bc:
                      e8:06:37:f9:d8:21:d1:29:05:f1:8a:27:47:0b:42:
                      be:74:ac:11:00:bb:e1:92:71
                  Exponent: 65537 (0x10001)
          X509v3 extensions:
              X509v3 Subject Key Identifier: 
                  0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B
              X509v3 Authority Key Identifier: 
                  keyid:0F:54:DA:9E:36:1D:1E:B8:C4:82:B7:B8:AF:53:AA:CB:81:62:4A:2B
                  DirName:/C=US/ST=Illinois/L=Urbana/O=NCSA/OU=Security Research Division/
                          CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
                  serial:FC:E7:90:E6:BE:CD:E7:8B
              X509v3 Basic Constraints: 
                  CA:TRUE
      Signature Algorithm: sha1WithRSAEncryption
          07:ea:e7:68:38:a0:c5:45:b7:3a:79:da:93:19:7a:fc:68:bf:
          d1:f2:24:da:6e:58:73:8f:ef:2e:d6:1e:6b:98:ce:28:03:cb:
          9b:ce:a8:98:0f:92:2d:f0:de:19:1d:a6:b2:0a:28:86:f9:ed:
          43:f0:7c:46:71:ad:6e:16:c2:49:56:96:57:18:57:6f:f4:d3:
          2b:59:f6:d7:f9:1a:b7:86:84:cf:80:18:a3:99:ce:ff:9f:0d:
          00:6d:cc:ba:f8:4f:84:ce:8e:94:0e:1e:d7:1e:89:1d:49:78:
          d3:55:1c:bf:98:e7:77:17:6c:fe:aa:2a:1d:13:62:7f:31:55:
          01:f7
  >

Here's an explanation of the command line options:

  • -text - view the contents of the certificate as plain text.
  • -noout - do not output the PEM-encoded version of the certificate.
  • -in hostcert.pem - read in the certificate from the file hostcert.pem.
howtos/view_the_contents_of_a_certificate.txt · Last modified: d/m/Y H:i (external edit)