How do I display the contents of a SSL certificate?
You can display the contents of a PEM formatted certificate under Linux, using openssl:
$ openssl x509 -in acs.cdroutertest.com.pem -noout -text
The output of the above command should look something like this:
openssl x509 -in acs_cdroutertest_com.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
dc:b3:9d:96:8a:ac:9a:97:10:c3:a5:dc:08:99:8e:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Validity
Not Before: Dec 12 00:00:00 2024 GMT
Not After : Jan 12 23:59:59 2026 GMT
Subject: CN=acs.cdroutertest.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:2f:73:5f:43:22:97:f2:e0:0b:0f:a2:68:2c:
a1:0a:73:5d:04:d9:6b:40:6e:cb:6c:14:53:ca:69:
1e:01:8b:e1:55:60:e8:de:9a:b0:ca:e0:41:cf:60:
41:1b:a1:50:e8:8a:5a:e6:f8:c3:7c:76:52:3b:b4:
3e:16:ea:0b:7b:cc:20:f5:c5:29:fb:ac:c1:a3:b7:
c9:d0:3c:39:bb:c8:03:6f:da:25:e8:3d:19:9f:6e:
c0:30:6a:0f:57:41:c8:05:cd:c2:ca:8e:43:d5:36:
6c:8f:d7:c0:f1:55:90:4f:73:2d:59:6e:93:52:f3:
02:7b:53:00:c1:b0:11:31:b0:8f:bc:d5:70:46:d1:
ea:20:f8:52:bc:c6:92:bb:cd:3c:d0:87:af:b5:e0:
37:26:34:f7:5b:05:7a:f4:d5:91:fb:fa:f8:cc:37:
05:6b:cb:ee:89:fb:94:c4:52:2d:b9:3d:a9:51:de:
1c:97:98:60:60:c9:b4:00:05:cb:18:50:1b:43:ac:
24:ab:84:a6:c9:3d:02:da:f7:fb:e4:f5:ec:93:b3:
56:2c:6a:3b:3a:c6:59:3b:47:4c:75:b2:ed:95:a3:
66:bb:50:cb:f9:0f:90:94:25:c8:8c:ef:93:0f:65:
75:2a:7b:75:24:27:cd:d5:98:91:44:32:a9:1e:6e:
52:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
X509v3 Subject Key Identifier:
2C:E8:63:18:C9:48:C2:77:57:DE:47:62:3D:18:8C:B2:CC:37:09:89
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.7
CPS: https://sectigo.com/CPS
Policy: 2.23.140.1.2.1
Authority Information Access:
CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
OCSP - URI:http://ocsp.sectigo.com
X509v3 Subject Alternative Name:
DNS:acs.cdroutertest.com, DNS:www.acs.cdroutertest.com
1.3.6.1.4.1.11129.2.4.2:
...j.h.v...d.UX...C.h7.Bw..:....6nF.?.................G0E. )..,h..M.<.T...\........j........!....2H,.....pSd..-.8A.u.6.n...v..8...|..D_[....n..Y.G.-r1...]pA-%L...............G0E.!...8e.$.#..........V...w..gqA.0%.. S .D.3..r.....9.+....
i.......X........G.....G0E.!....mp.y.....R=._&B...W..<...
.1.. ].r.$w.?... ...4.C.H....mB...5..
Signature Algorithm: sha256WithRSAEncryption
10:eb:38:05:23:3f:69:cc:7c:b3:d5:d9:e4:6f:57:cb:5e:c7:
d9:ea:ba:81:8c:63:6b:66:f1:2a:ac:bd:a3:e8:e9:a2:0c:96:
67:49:e5:9e:ff:3b:c6:5f:9b:6d:01:f8:a0:f7:60:f5:68:cf:
e7:e5:1c:23:29:54:a2:7a:72:fa:63:e8:73:38:c1:ff:f9:62:
75:73:25:41:cb:dc:de:b4:b9:88:ec:ba:89:77:25:23:03:87:
98:9a:2c:84:21:c3:4b:ee:de:a8:0a:39:f0:d1:a3:fd:cb:71:
e2:8b:90:24:08:c1:c9:92:59:c7:5e:c3:b5:15:b5:73:46:94:
60:f7:5e:f6:c6:fc:4c:79:cf:43:b9:59:0a:64:bf:21:55:49:
4d:b6:75:aa:97:66:4f:fe:fa:e6:d0:e6:41:c7:5d:21:64:50:
90:57:82:d3:2a:25:15:95:15:46:95:f1:b8:6f:86:9c:8e:3a:
3b:e4:3c:96:66:68:81:5e:1f:8e:1a:57:4c:4c:d0:71:06:62:
22:84:fa:ad:3b:4b:bd:74:93:41:d4:7f:8b:56:a8:6d:03:c3:
40:84:44:fb:9b:dd:c9:97:ab:59:ed:57:a0:86:c0:86:6d:1a:
69:e7:15:67:2a:5f:44:c4:30:6d:85:b5:eb:a1:e3:37:85:1c:
c4:3c:d6:f4
Likewise, you can display the contents of a DER formatted certificate using this command:
$ openssl x509 -in MYCERT.der -inform der -text
