OpenSSL Self-Signed Certificate Components
How to identify and read each component of a self-signed certificate in the OpenSSL "x509 -text" command output?
✍: FYIcenter.com
The OpenSSL "x509 -text" command output displays all components of a self-signed certificate
with proper labels to help you identify each component.
Below is a good example of the "x509 -text" command output:
C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> x509 -in rsa_test.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: ef:25:6c:16:2f:ec:30:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Validity
            Not Before: Aug 21 11:46:53 2016 GMT
            Not After : Sep 20 11:46:53 2016 GMT
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:a5:71:05:d4:1f:88:8c:e5:5f:0c:6f:83:7f:8a:
                    68:3a:99:a5:a9:18:af:bd:47:73:c7:ab:b7:f4:09:
                    b6:a0:64:9e:e7:4c:92:7f:5e:1d:7a:f0:7e:6e:61:
                    2e:ed:e1:aa:c5:2b:ee:96:7d:e4:14:44:2b:fa:af:
                    7f:47:da:9c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Authority Key Identifier:
                keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         40:1d:b5:7e:eb:a9:89:a1:e3:18:d3:ca:9e:51:03:2e:ee:9a:
         16:52:6e:87:d6:a8:cc:a2:47:29:18:11:f6:cb:5a:99:fb:15:
         63:0d:f7:7b:33:4c:0a:78:4d:5d:87:48:19:f9:74:26:da:1a:
         f2:8f:77:d4:07:e7:7d:a9:99:64
You can read the above output as follows:
The version number of the X.509 standard used in this certificate is 3 (the encoded value is 2, but it represents version 3):
Version: 3 (0x2)
The serial number of this certificate is ef:25:6c:16:2f:ec:30:b6, which uniquely identifies this certificate among all certificates signed by the issuer:
Serial Number: ef:25:6c:16:2f:ec:30:b6
The digital signature algorithm used to sign this certificate is SHA256 with an RSA private key:
Signature Algorithm: sha256WithRSAEncryption
The entity name of the issuer who signed this certificate:
Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The validity date range of this certificate:
Validity
    Not Before: Aug 21 11:46:53 2016 GMT
    Not After : Sep 20 11:46:53 2016 GMT
The entity name of the subject whose public key is being certified (the subject is the same as the issuer in the case of a self-signed certificate):
Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The public key algorithm and the public key itself being certified:
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
        Public-Key: (512 bit)
        Modulus:
            00:a5:71:05:d4:1f:88:8c:e5:5f:0c:6f:83:7f:8a:
            68:3a:99:a5:a9:18:af:bd:47:73:c7:ab:b7:f4:09:
            b6:a0:64:9e:e7:4c:92:7f:5e:1d:7a:f0:7e:6e:61:
            2e:ed:e1:aa:c5:2b:ee:96:7d:e4:14:44:2b:fa:af:
            7f:47:da:9c:ef
        Exponent: 65537 (0x10001)
The additional information included in the certificate:
X509v3 extensions:
    X509v3 Subject Key Identifier:
        09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
    X509v3 Authority Key Identifier:
        keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
    X509v3 Basic Constraints:
        CA:TRUE
The digital signature algorithm and the digital signature itself:
Signature Algorithm: sha256WithRSAEncryption
     40:1d:b5:7e:eb:a9:89:a1:e3:18:d3:ca:9e:51:03:2e:ee:9a:
     16:52:6e:87:d6:a8:cc:a2:47:29:18:11:f6:cb:5a:99:fb:15:
     63:0d:f7:7b:33:4c:0a:78:4d:5d:87:48:19:f9:74:26:da:1a:
     f2:8f:77:d4:07:e7:7d:a9:99:64
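The labels walked through above can also be read programmatically. The following Python code is an added example, not code from FYIcenter.com or the OpenSSL project: it parses the "x509 -text" output and reports what a reviewer would note about this certificate. The function names, the finding labels and the 2048-bit threshold are assumptions; matching names and key identifiers only indicate self-signing, while verifying the signature with the certificate's own public key proves it.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the "x509 -text" output above (hex dumps of key and signature omitted).
SAMPLE = """\
        Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Validity
            Not Before: Aug 21 11:46:53 2016 GMT
            Not After : Sep 20 11:46:53 2016 GMT
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
                Public-Key: (512 bit)
            X509v3 Subject Key Identifier:
                09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Authority Key Identifier:
                keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Basic Constraints:
                CA:TRUE
"""

def parse_x509_text(text):
    """Extract the labelled components from 'openssl x509 -text' output."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    return {
        "issuer": grab(r"^\s*Issuer:\s*(.+)$"),
        "subject": grab(r"^\s*Subject:\s*(.+)$"),
        "not_before": grab(r"Not Before\s*:\s*(.+)$"),
        "not_after": grab(r"Not After\s*:\s*(.+)$"),
        "key_bits": int(grab(r"Public-Key:\s*\((\d+) bit\)") or 0),
        "ski": grab(r"Subject Key Identifier:\s*([0-9A-Fa-f:]+)"),
        "aki": grab(r"Authority Key Identifier:\s*(?:keyid:)?([0-9A-Fa-f:]+)"),
        "is_ca": grab(r"Basic Constraints:.*\s+CA:(TRUE|FALSE)") == "TRUE",
    }

def validity_days(cert, fmt="%b %d %H:%M:%S %Y GMT"):
    """Lifetime in whole days between Not Before and Not After."""
    start, end = (datetime.strptime(cert[k], fmt) for k in ("not_before", "not_after"))
    return (end - start).days

def review(cert, min_rsa_bits=2048):  # threshold is an assumed policy value
    findings = []
    if cert["subject"] == cert["issuer"] and cert["ski"] == cert["aki"]:
        findings.append("self-signed")
    if cert["is_ca"]:
        findings.append("ca-true")
    if cert["key_bits"] < min_rsa_bits:
        findings.append("weak-key")
    return findings
```

For the certificate on this page, the result flags the 512-bit RSA key as below the assumed threshold, in addition to confirming the self-signed and CA:TRUE properties.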
2016-11-08