OpenSSL "x509 -text" - Print Certificate Info

Q

How to print out text information from a certificate using OpenSSL "x509" command? I want to see the subject and issuer of the certificate.

✍: FYIcenter.com

A

Assuming you have a certificate file located at: C:\Users\fyicenter\twitter.crt, you can print out certificate information in text format using the "x509 -text" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> x509 -in twitter.crt -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:76:b5:dd:ca:83:a4:b9:ca:59:8f:5d:77:1f:9e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Exte
nded Validation Server CA
        Validity
            Not Before: Mar  9 00:00:00 2016 GMT
            Not After : Mar 14 12:00:00 2018 GMT
        Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdic
tionST=Delaware/serialNumber=4337446/street=Suite 900/street=1355 Market St/post
alCode=94103, C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter
Security, CN=twitter.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c2:08:98:fa:67:00:05:55:b6:0b:61:0e:1a:d7:
                    b5:8a:c1:cc:03:be:3c:17:fb:94:f7:d9:fa:4c:9f:
                    46:60:9c:6a:ad:7d:3a:e5:34:5a:12:b0:b2:0b:aa:
                    ec:96:e1:58:81:2f:ad:60:ab:47:93:69:e3:84:75:
                    53:c1:f9:0f:b9:46:ab:9e:ea:ab:18:98:8c:68:54:
                    08:51:65:43:1a:61:97:27:5c:5e:0f:15:e9:cd:16:
                    ab:dd:51:5b:76:2f:fc:d3:11:99:9d:d2:a6:3d:87:
                    02:75:e6:24:96:e2:04:3e:14:9c:fa:7e:b8:71:42:
                    37:00:b5:b0:8a:e2:33:95:8b:da:3f:fb:63:4d:37:
                    62:d5:1c:02:ea:30:7e:dc:0d:53:d5:d4:0b:b8:a3:
                    10:13:6d:1f:89:94:0b:6a:94:44:67:29:82:ad:e6:
                    d5:b0:52:fc:95:57:06:d6:d1:22:66:84:d3:92:2a:
                    02:c7:94:56:df:55:3f:c2:13:f2:7c:16:78:33:a1:
                    53:f7:77:97:5c:b7:96:05:d5:44:f4:bf:ef:83:22:
                    5d:7a:e6:8f:e4:ac:df:34:9e:b6:0f:0a:53:f0:1a:
                    db:71:37:69:92:f6:14:a9:1c:75:65:72:45:24:09:
                    3b:2c:6a:d7:b9:69:a5:dc:df:6d:9c:6b:fc:c6:a2:
                    5b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F

            X509v3 Subject Key Identifier:
                9F:62:7B:B2:88:0E:EE:1B:79:E0:69:24:E5:BA:3F:47:A6:0B:02:F0
            X509v3 Subject Alternative Name:
                DNS:twitter.com, DNS:www.twitter.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/sha2-ev-server-g1.crl

                Full Name:
                  URI:http://crl4.digicert.com/sha2-ev-server-g1.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.2.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.1

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com
                /DigiCertSHA2ExtendedValidationServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:

                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Mar  9 22:30:04.249 2016 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:26:42:03:DC:19:8E:4C:87:25:1C:B7:51:

                                30:98:9F:02:36:D6:6F:D4:5C:A4:57:59:CE:D4:4B:D6:

                                AB:C7:AF:2A:02:21:00:B4:AD:54:64:C0:E5:DB:04:6D:

                                FE:8D:4E:C4:89:F3:15:D4:02:43:ED:90:4C:8B:CB:6C:

                                77:B9:B2:55:EE:E9:BA
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:

                                71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
                    Timestamp : Mar  9 22:30:04.188 2016 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:61:7A:00:54:3C:4C:A0:3C:02:A9:2D:51:

                                9F:F8:E4:92:6E:29:81:C2:20:52:24:A9:C3:D6:20:80:

                                CB:58:86:66:02:20:39:3D:55:15:E4:10:42:33:60:0A:

                                71:EF:C2:79:70:B2:8A:6D:72:D7:8D:20:FF:84:71:82:

                                16:16:EA:C3:42:37
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:

                                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
                    Timestamp : Mar  9 22:30:04.454 2016 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:5D:43:35:90:14:56:D9:B4:C6:02:A5:6F:

                                CB:F6:83:A1:84:EB:74:AB:CC:23:AC:79:A7:41:45:D9:

                                2F:A3:1A:69:02:20:59:80:58:35:C7:57:F6:01:8B:8B:

                                61:4B:C1:C6:65:CD:E2:54:28:79:C3:06:82:18:CD:E4:

                                CE:D1:1A:51:89:90
    Signature Algorithm: sha256WithRSAEncryption
         bb:f8:f5:1b:65:a3:50:03:1f:18:10:c8:35:53:2f:9c:8a:1e:
         48:6a:bd:e5:e6:58:c9:d1:e8:a1:fc:ab:03:42:8f:58:f3:0a:
         18:a6:91:2e:c1:50:b7:70:dd:15:da:ad:08:f1:15:d2:44:4d:
         74:e4:18:2b:65:b6:05:d9:f9:f7:d8:24:6c:db:5f:ec:6c:7d:
         3f:bf:a5:4c:a2:73:68:38:42:41:cd:e2:f6:d1:f8:d8:89:d3:
         75:4a:bd:fd:ab:4d:9e:ee:48:c9:34:23:d5:83:cc:93:95:14:
         44:a5:25:e5:b1:fc:17:58:53:a7:00:24:81:c2:94:73:98:3e:
         37:6d:12:95:1f:ac:e3:20:f8:b2:db:09:b1:5c:fe:a2:6d:bd:
         e9:d0:84:c7:9e:8b:31:2e:c7:f7:a5:65:e3:2f:f6:1e:5a:a4:
         2a:ea:65:03:31:12:a6:78:24:51:de:4d:44:d3:79:17:43:2c:
         55:e0:00:f8:85:c7:0b:a8:fe:0a:ea:6d:7b:74:e9:29:59:b2:
         96:34:df:bf:c3:15:b2:fc:0a:4c:b8:fd:21:34:f8:28:65:22:
         d0:05:a3:22:74:dc:e1:63:ad:e2:cc:78:f5:29:c3:9d:2c:d8:
         3c:55:50:82:10:fa:04:5f:c2:25:6c:b3:08:63:f6:13:7c:de:
         57:00:58:ec

Options used in this command are:

  • "-in test.crt" - Read the certificate file from: C:\Users\fyicenter\twitter.crt.
  • "-text" - Print out certificate information in text format.
  • "-noout" - Do not include the certificate itself in the output.

 

OpenSSL "x509 -fingerprint" - Print Certificate Fingerprint

Sample X.509 Certificate File to Test OpenSSL

OpenSSL "x509" Command

⇑⇑ OpenSSL Tutorials

2012-07-23, 27🔥, 0💬