How do I display the contents of a SSL certificate?
You can display the contents of a PEM formatted certificate under Linux, using openssl:
$ openssl x509 -in acs.cdroutertest.com.pem -text
The output of the above command should look something like this:
cdrouter@linux:/usr/cdrouter/tests> openssl x509 -in acs.cdroutertest.com.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7a:f7:95:47:c0:7d:0f:ef:80:a5:b2:1f:51:e3:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
Validity
Not Before: Mar 12 00:00:00 2018 GMT
Not After : Mar 11 23:59:59 2020 GMT
Subject: OU = Domain Control Validated, OU = PositiveSSL, CN = acs.cdroutertest.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:eb:fe:b5:1a:16:0d:49:3f:15:18:99:44:eb:63:
ef:e4:7e:de:f7:91:2a:2f:3c:9d:43:57:62:52:92:
17:a6:48:0b:de:86:43:6b:77:5c:77:9d:05:6c:64:
eb:96:fa:97:c8:f9:93:3e:72:3c:c4:84:f3:e2:98:
60:9c:17:92:bf:01:12:a3:20:69:19:16:39:1c:48:
0b:e0:db:e2:bc:d0:48:57:4d:a6:0d:1a:a1:3a:51:
25:b5:d9:1c:61:ba:34:b7:76:56:15:72:7e:69:eb:
07:0f:20:3e:f9:41:56:8b:1b:51:eb:55:cd:9c:61:
a1:c8:a1:42:1f:6e:87:5e:a1:1b:68:11:e5:4e:66:
36:7c:4a:2c:23:e4:98:71:31:f7:0c:28:ee:1d:65:
99:1d:1f:40:1e:da:b5:a4:de:5b:6d:8d:c3:35:3b:
06:b4:5d:82:a6:61:27:29:25:ab:71:12:71:9c:0c:
f6:68:c1:54:58:3a:1d:a1:ce:ea:10:a6:2d:e0:4a:
f5:f4:45:b4:2d:25:37:f5:0e:b2:c3:03:1f:35:73:
59:46:36:6a:73:a2:2c:3f:70:c8:e4:26:49:a3:20:
8f:38:7c:55:d0:2e:f5:8a:24:00:7b:ce:36:8d:60:
5a:7b:c5:4b:66:cd:49:d0:e6:51:6d:b5:9e:a8:68:
06:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
X509v3 Subject Key Identifier:
CC:31:0F:36:85:92:91:A8:0D:61:46:9E:9C:FE:9E:23:42:B9:D6:92
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.7
CPS: https://secure.comodo.com/CPS
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Authority Information Access:
CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
OCSP - URI:http://ocsp.comodoca.com
X509v3 Subject Alternative Name:
DNS:acs.cdroutertest.com, DNS:www.acs.cdroutertest.com
Signature Algorithm: sha256WithRSAEncryption
44:fd:29:96:b3:ca:c9:b6:10:5e:74:40:14:6a:a0:c4:41:21:
5b:16:0b:e2:13:eb:8a:25:19:5f:30:73:0f:2b:9e:68:7b:67:
3b:71:db:a3:72:91:52:db:02:8c:13:b3:fd:71:2e:4a:4c:d1:
02:6e:7e:1f:0e:0a:cf:bb:29:71:91:42:8a:e8:68:8f:a2:b4:
d6:52:e4:f4:93:df:13:98:a4:58:e6:77:e4:78:86:ae:ad:73:
b7:6d:43:25:dd:1f:92:c0:36:97:04:2a:87:40:87:16:16:c3:
79:13:10:a2:2e:a0:cb:27:0f:ee:c6:5a:1a:5b:55:5b:b7:9d:
20:12:7c:8b:0d:20:32:3e:8c:c1:5a:56:31:27:0e:fb:4c:d7:
7a:ad:c5:22:58:ad:97:c7:bd:75:14:bb:e7:58:f5:c8:f6:49:
f8:43:68:13:2e:d4:3a:67:02:13:e8:35:50:05:df:d9:32:90:
e1:c6:bb:b0:aa:52:fb:4f:1f:92:dd:d3:55:7a:28:67:91:be:
c0:5c:b7:7b:74:37:0e:d8:69:36:f5:74:b9:a3:61:7c:29:31:
3e:8b:51:a2:df:fc:f4:dc:48:93:46:c9:b2:35:30:6c:48:66:
2a:6e:f5:6f:17:d7:2b:07:b4:c4:b9:67:65:67:1a:d8:76:80:
8f:ff:fd:ef
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgIQBHr3lUfAfQ/vgKWyH1HjYzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xODAzMTIwMDAwMDBaFw0yMDAzMTEyMzU5NTlaMFIxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxFzAV
BgNVBAMTDmFjcy5xYWNhZmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA6/61GhYNST8VGJlE62Pv5H7e95EqLzydQ1diUpIXpkgL3oZDa3dcd50F
bGTrlvqXyPmTPnI8xITz4phgnBeSvwESoyBpGRY5HEgL4NvivNBIV02mDRqhOlEl
tdkcYbo0t3ZWFXJ+aesHDyA++UFWixtR61XNnGGhyKFCH26HXqEbaBHlTmY2fEos
I+SYcTH3DCjuHWWZHR9AHtq1pN5bbY3DNTsGtF2CpmEnKSWrcRJxnAz2aMFUWDod
oc7qEKYt4Er19EW0LSU39Q6ywwMfNXNZRjZqc6IsP3DI5CZJoyCPOHxV0C71iiQA
e842jWBae8VLZs1J0OZRbbWeqGgGeQIDAQABo4IB3zCCAdswHwYDVR0jBBgwFoAU
kK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFMwxDzaFkpGoDWFGnpz+niNC
udaSMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYI
KwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAEC
ATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01P
RE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEF
BQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NP
TU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAtBgNVHREEJjAkgg5hY3Mu
cWFjYWZlLmNvbYISd3d3LmFjcy5xYWNhZmUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
AQBE/SmWs8rJthBedEAUaqDEQSFbFgviE+uKJRlfMHMPK55oe2c7cdujcpFS2wKM
E7P9cS5KTNECbn4fDgrPuylxkUKK6GiPorTWUuT0k98TmKRY5nfkeIaurXO3bUMl
3R+SwDaXBCqHQIcWFsN5ExCiLqDLJw/uxloaW1Vbt50gEnyLDSAyPozBWlYxJw77
TNd6rcUiWK2Xx711FLvnWPXI9kn4Q2gTLtQ6ZwIT6DVQBd/ZMpDhxruwqlL7Tx+S
3dNVeihnkb7AXLd7dDcO2Gk29XS5o2F8KTE+i1Gi3/z03EiTRsmyNTBsSGYqbvVv
F9crB7TEuWdlZxrYdoCP//3v
-----END CERTIFICATE-----
Likewise, you can display the contents of a DER formatted certificate using this command:
$ openssl x509 -in MYCERT.der -inform der -text
