OpenSSL "x509 -text" - Print Certificate Info
Q
How to print out text information from a certificate using OpenSSL "x509" command? I want to see the subject and issuer of the certificate.
✍: FYIcenter.com
A
Assuming you have a certificate file located at: C:\Users\fyicenter\twitter.crt,
you can print out certificate information in text format
using the "x509 -text" command as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> x509 -in twitter.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:76:b5:dd:ca:83:a4:b9:ca:59:8f:5d:77:1f:9e:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Exte
nded Validation Server CA
Validity
Not Before: Mar 9 00:00:00 2016 GMT
Not After : Mar 14 12:00:00 2018 GMT
Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdic
tionST=Delaware/serialNumber=4337446/street=Suite 900/street=1355 Market St/post
alCode=94103, C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter
Security, CN=twitter.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c2:08:98:fa:67:00:05:55:b6:0b:61:0e:1a:d7:
b5:8a:c1:cc:03:be:3c:17:fb:94:f7:d9:fa:4c:9f:
46:60:9c:6a:ad:7d:3a:e5:34:5a:12:b0:b2:0b:aa:
ec:96:e1:58:81:2f:ad:60:ab:47:93:69:e3:84:75:
53:c1:f9:0f:b9:46:ab:9e:ea:ab:18:98:8c:68:54:
08:51:65:43:1a:61:97:27:5c:5e:0f:15:e9:cd:16:
ab:dd:51:5b:76:2f:fc:d3:11:99:9d:d2:a6:3d:87:
02:75:e6:24:96:e2:04:3e:14:9c:fa:7e:b8:71:42:
37:00:b5:b0:8a:e2:33:95:8b:da:3f:fb:63:4d:37:
62:d5:1c:02:ea:30:7e:dc:0d:53:d5:d4:0b:b8:a3:
10:13:6d:1f:89:94:0b:6a:94:44:67:29:82:ad:e6:
d5:b0:52:fc:95:57:06:d6:d1:22:66:84:d3:92:2a:
02:c7:94:56:df:55:3f:c2:13:f2:7c:16:78:33:a1:
53:f7:77:97:5c:b7:96:05:d5:44:f4:bf:ef:83:22:
5d:7a:e6:8f:e4:ac:df:34:9e:b6:0f:0a:53:f0:1a:
db:71:37:69:92:f6:14:a9:1c:75:65:72:45:24:09:
3b:2c:6a:d7:b9:69:a5:dc:df:6d:9c:6b:fc:c6:a2:
5b:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F
X509v3 Subject Key Identifier:
9F:62:7B:B2:88:0E:EE:1B:79:E0:69:24:E5:BA:3F:47:A6:0B:02:F0
X509v3 Subject Alternative Name:
DNS:twitter.com, DNS:www.twitter.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/sha2-ev-server-g1.crl
Full Name:
URI:http://crl4.digicert.com/sha2-ev-server-g1.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114412.2.1
CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.1
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com
/DigiCertSHA2ExtendedValidationServerCA.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Mar 9 22:30:04.249 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:26:42:03:DC:19:8E:4C:87:25:1C:B7:51:
30:98:9F:02:36:D6:6F:D4:5C:A4:57:59:CE:D4:4B:D6:
AB:C7:AF:2A:02:21:00:B4:AD:54:64:C0:E5:DB:04:6D:
FE:8D:4E:C4:89:F3:15:D4:02:43:ED:90:4C:8B:CB:6C:
77:B9:B2:55:EE:E9:BA
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
Timestamp : Mar 9 22:30:04.188 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:61:7A:00:54:3C:4C:A0:3C:02:A9:2D:51:
9F:F8:E4:92:6E:29:81:C2:20:52:24:A9:C3:D6:20:80:
CB:58:86:66:02:20:39:3D:55:15:E4:10:42:33:60:0A:
71:EF:C2:79:70:B2:8A:6D:72:D7:8D:20:FF:84:71:82:
16:16:EA:C3:42:37
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
Timestamp : Mar 9 22:30:04.454 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:5D:43:35:90:14:56:D9:B4:C6:02:A5:6F:
CB:F6:83:A1:84:EB:74:AB:CC:23:AC:79:A7:41:45:D9:
2F:A3:1A:69:02:20:59:80:58:35:C7:57:F6:01:8B:8B:
61:4B:C1:C6:65:CD:E2:54:28:79:C3:06:82:18:CD:E4:
CE:D1:1A:51:89:90
Signature Algorithm: sha256WithRSAEncryption
bb:f8:f5:1b:65:a3:50:03:1f:18:10:c8:35:53:2f:9c:8a:1e:
48:6a:bd:e5:e6:58:c9:d1:e8:a1:fc:ab:03:42:8f:58:f3:0a:
18:a6:91:2e:c1:50:b7:70:dd:15:da:ad:08:f1:15:d2:44:4d:
74:e4:18:2b:65:b6:05:d9:f9:f7:d8:24:6c:db:5f:ec:6c:7d:
3f:bf:a5:4c:a2:73:68:38:42:41:cd:e2:f6:d1:f8:d8:89:d3:
75:4a:bd:fd:ab:4d:9e:ee:48:c9:34:23:d5:83:cc:93:95:14:
44:a5:25:e5:b1:fc:17:58:53:a7:00:24:81:c2:94:73:98:3e:
37:6d:12:95:1f:ac:e3:20:f8:b2:db:09:b1:5c:fe:a2:6d:bd:
e9:d0:84:c7:9e:8b:31:2e:c7:f7:a5:65:e3:2f:f6:1e:5a:a4:
2a:ea:65:03:31:12:a6:78:24:51:de:4d:44:d3:79:17:43:2c:
55:e0:00:f8:85:c7:0b:a8:fe:0a:ea:6d:7b:74:e9:29:59:b2:
96:34:df:bf:c3:15:b2:fc:0a:4c:b8:fd:21:34:f8:28:65:22:
d0:05:a3:22:74:dc:e1:63:ad:e2:cc:78:f5:29:c3:9d:2c:d8:
3c:55:50:82:10:fa:04:5f:c2:25:6c:b3:08:63:f6:13:7c:de:
57:00:58:ec
Options used in this command are:
- "-in test.crt" - Read the certificate file from: C:\Users\fyicenter\twitter.crt.
- "-text" - Print out certificate information in text format.
- "-noout" - Do not include the certificate itself in the output.
⇒ OpenSSL "x509 -fingerprint" - Print Certificate Fingerprint
2012-07-23, 23335👍, 0💬
Related Topics:
