OpenSSL Self-Signed Certificate Components
How do you identify and read each component of a self-signed certificate in the OpenSSL "x509 -text" command output?
✍: FYIcenter.com
The OpenSSL "x509 -text" command output displays every component of a self-signed certificate
with a label that helps you identify it.
Below is an example of the "x509 -text" command output:
C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> x509 -in rsa_test.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: ef:25:6c:16:2f:ec:30:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Validity
            Not Before: Aug 21 11:46:53 2016 GMT
            Not After : Sep 20 11:46:53 2016 GMT
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:a5:71:05:d4:1f:88:8c:e5:5f:0c:6f:83:7f:8a:
                    68:3a:99:a5:a9:18:af:bd:47:73:c7:ab:b7:f4:09:
                    b6:a0:64:9e:e7:4c:92:7f:5e:1d:7a:f0:7e:6e:61:
                    2e:ed:e1:aa:c5:2b:ee:96:7d:e4:14:44:2b:fa:af:
                    7f:47:da:9c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Authority Key Identifier:
                keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         40:1d:b5:7e:eb:a9:89:a1:e3:18:d3:ca:9e:51:03:2e:ee:9a:
         16:52:6e:87:d6:a8:cc:a2:47:29:18:11:f6:cb:5a:99:fb:15:
         63:0d:f7:7b:33:4c:0a:78:4d:5d:87:48:19:f9:74:26:da:1a:
         f2:8f:77:d4:07:e7:7d:a9:99:64
You can read the above output as follows:
The version number of the X.509 standard used in this certificate is 3 (the encoded value is 2, but it represents version 3):
Version: 3 (0x2)
The serial number of this certificate is ef:25:6c:16:2f:ec:30:b6, which uniquely identifies this certificate among all certificates signed by the issuer:
Serial Number: ef:25:6c:16:2f:ec:30:b6
The digital signature algorithm used to sign this certificate is SHA256 with an RSA private key:
Signature Algorithm: sha256WithRSAEncryption
The entity name of the issuer who signed this certificate:
Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The validity date range of this certificate:
Validity
    Not Before: Aug 21 11:46:53 2016 GMT
    Not After : Sep 20 11:46:53 2016 GMT
The entity name of the subject whose public key is being certified (the subject is the same as the issuer in the case of a self-signed certificate):
Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The public key algorithm and the public key itself being certified:
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
        Public-Key: (512 bit)
        Modulus:
            00:a5:71:05:d4:1f:88:8c:e5:5f:0c:6f:83:7f:8a:
            68:3a:99:a5:a9:18:af:bd:47:73:c7:ab:b7:f4:09:
            b6:a0:64:9e:e7:4c:92:7f:5e:1d:7a:f0:7e:6e:61:
            2e:ed:e1:aa:c5:2b:ee:96:7d:e4:14:44:2b:fa:af:
            7f:47:da:9c:ef
        Exponent: 65537 (0x10001)
The additional information included in the certificate:
X509v3 extensions:
    X509v3 Subject Key Identifier:
        09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
    X509v3 Authority Key Identifier:
        keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
    X509v3 Basic Constraints:
        CA:TRUE
The digital signature algorithm and the digital signature itself:
Signature Algorithm: sha256WithRSAEncryption
     40:1d:b5:7e:eb:a9:89:a1:e3:18:d3:ca:9e:51:03:2e:ee:9a:
     16:52:6e:87:d6:a8:cc:a2:47:29:18:11:f6:cb:5a:99:fb:15:
     63:0d:f7:7b:33:4c:0a:78:4d:5d:87:48:19:f9:74:26:da:1a:
     f2:8f:77:d4:07:e7:7d:a9:99:64
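The component-by-component reading above can be turned into a quick review script. The following is an added example, not part of the original page or of OpenSSL: it parses the labelled fields of "x509 -text" output and reports what a reviewer would note about this certificate. The function names and the 2048-bit minimum are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed input: labelled fields copied from the output on this page
# (version, serial and hex blocks omitted; these checks do not need them).
SAMPLE = """\
        Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Validity
            Not Before: Aug 21 11:46:53 2016 GMT
            Not After : Sep 20 11:46:53 2016 GMT
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Authority Key Identifier:
                keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71
            X509v3 Basic Constraints:
                CA:TRUE
"""

def _find(pattern, text):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

# Pull the labelled components out of "x509 -text" output (hypothetical helper).
def parse(text):
    when = lambda label: datetime.strptime(
        _find(rf"{label}\s*:\s*(.+)$", text), "%b %d %H:%M:%S %Y GMT")
    return {
        "issuer": _find(r"^\s*Issuer:\s*(.+)$", text),
        "subject": _find(r"^\s*Subject:\s*(.+)$", text),
        "days": (when("Not After") - when("Not Before")).days,
        "bits": int(_find(r"Public-Key: \((\d+) bit\)", text)),
        "ski": _find(r"Subject Key Identifier:\s*([0-9A-Fa-f:]+)", text),
        "aki": _find(r"Authority Key Identifier:\s*(?:keyid:)?([0-9A-Fa-f:]+)", text),
        "ca": re.search(r"Basic Constraints:[^\n]*\s+CA:TRUE", text) is not None,
    }

# Reviewer notes; min_rsa_bits=2048 is an assumed policy floor, not from the page.
def review(cert, min_rsa_bits=2048):
    notes = []
    if cert["issuer"] == cert["subject"] and cert["ski"] == cert["aki"]:
        notes.append("self-signed: issuer and key identifier match the subject")
    if cert["bits"] < min_rsa_bits:
        notes.append(f"weak key: {cert['bits']}-bit RSA")
    if cert["ca"]:
        notes.append("CA:TRUE: can sign other certificates if trusted")
    return notes
```

Matching names and key identifiers only indicate a self-signed certificate; confirming it requires verifying the signature against the certificate's own public key.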
2016-11-08