Categories:
DH Keys (39)
DSA Keys (71)
EC Keys (288)
Firefox (32)
General (13)
Google Chrome (25)
Intermediate CA (152)
Java VM (20)
JDK Keytool (25)
Microsoft CertUtil (26)
Mozilla CertUtil (18)
OpenSSL (237)
Other (17)
Portecle (38)
Publishers (1799)
Revoked Certificates (30)
Root CA (87)
RSA Keys (2058)
Tools (47)
Tutorial (7)
What Is (21)
Windows (129)
Collections:
Other Resources:
OpenSSL Self-Signed Certificate Components
How to identify and read each component of a self-signed certificate in OpenSSL "x509 -text" command output?
✍: FYIcenter.com
OpenSSL "x509 -text" command output displays all components in a self-signed certificate
with proper labels to help you identify each component.
Below is a good example of the "x509 -text" command output:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> x509 -in rsa_test.crt -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: ef:25:6c:16:2f:ec:30:b6 Signature Algorithm: sha256WithRSAEncryption Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Validity Not Before: Aug 21 11:46:53 2016 GMT Not After : Sep 20 11:46:53 2016 GMT Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: 00:a5:71:05:d4:1f:88:8c:e5:5f:0c:6f:83:7f:8a: 68:3a:99:a5:a9:18:af:bd:47:73:c7:ab:b7:f4:09: b6:a0:64:9e:e7:4c:92:7f:5e:1d:7a:f0:7e:6e:61: 2e:ed:e1:aa:c5:2b:ee:96:7d:e4:14:44:2b:fa:af: 7f:47:da:9c:ef Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71 X509v3 Authority Key Identifier: keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption 40:1d:b5:7e:eb:a9:89:a1:e3:18:d3:ca:9e:51:03:2e:ee:9a: 16:52:6e:87:d6:a8:cc:a2:47:29:18:11:f6:cb:5a:99:fb:15: 63:0d:f7:7b:33:4c:0a:78:4d:5d:87:48:19:f9:74:26:da:1a: f2:8f:77:d4:07:e7:7d:a9:99:64
You can read the above output as the following:
The version number of X509 standard used in this certificate is 3 (binary value is 2, but it represents version 3):
Version: 3 (0x2)
The serial number of this certificate is ef:25:6c:16:2f:ec:30:b6, which uniquely identifies this certificate among all certificates signed by issuer:
Serial Number: ef:25:6c:16:2f:ec:30:b6
The digital signature algorithm used to sign this certificate is SHA256 with an RSA private key:
Signature Algorithm: sha256WithRSAEncryption
The entity name of the issuer who signed this certificate:
Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The validity date range of this certificate:
Validity Not Before: Aug 21 11:46:53 2016 GMT Not After : Sep 20 11:46:53 2016 GMT
The entity name of the subject whose public key is being certified (the subject is the same as the issuer in the case of a self-signed certificate):
Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc
The public key algorithm and public key itself being certified:
Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: 00:a5:71:05:d4:1f:88:8c:e5:5f:0c:6f:83:7f:8a: 68:3a:99:a5:a9:18:af:bd:47:73:c7:ab:b7:f4:09: b6:a0:64:9e:e7:4c:92:7f:5e:1d:7a:f0:7e:6e:61: 2e:ed:e1:aa:c5:2b:ee:96:7d:e4:14:44:2b:fa:af: 7f:47:da:9c:ef Exponent: 65537 (0x10001)
The additional information included in the certification:
X509v3 extensions: X509v3 Subject Key Identifier: 09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71 X509v3 Authority Key Identifier: keyid:09:E5:65:C1:3D:0A:13:23:FE:20:73:8F:2D:98:C1:E9:F2:ED:D4:71 X509v3 Basic Constraints: CA:TRUE
The digital signature algorithm and digital signature itself:
Signature Algorithm: sha256WithRSAEncryption 40:1d:b5:7e:eb:a9:89:a1:e3:18:d3:ca:9e:51:03:2e:ee:9a: 16:52:6e:87:d6:a8:cc:a2:47:29:18:11:f6:cb:5a:99:fb:15: 63:0d:f7:7b:33:4c:0a:78:4d:5d:87:48:19:f9:74:26:da:1a: f2:8f:77:d4:07:e7:7d:a9:99:64
⇒ OpenSSL "req -x509" - Sign My Own CSR
⇐ OpenSSL "req -x509 -newkey" - Generate Private Key and Certificate
2016-11-08, 922👍, 0💬
Popular Posts:
What is "makecert.exe" on Windows 7? What can I use it for? "makecert.exe" is a Certificate Creation...
How to see the signing chain of a server certificate in IE? I want to know the root CA who signs the...
How to export the server certificate to a file in IE? I can view the server certificate used by the ...
Where to click to get more Website information in Google Chrome? I want to know if the page I am int...
What can I use OpenSSL "ans1parse" command for? What are options supported by the "ans1parse" comman...