Read SSL Certificate Using Openssl

Posted by blogadmin on June 11, 2012

You can read a cert or PEM file with the openssl command. My web server has multiple SSL certs, and this helps me find the correct cert to upgrade.

# openssl x509 -in /tmp/server.pem  -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ab:51:2d:fe:81:e8:d4:47:74:f5:35:72:3f:d2:be:ac
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
        Validity
            Not Before: Mar 25 00:00:00 2011 GMT
            Not After : Jun  9 23:59:59 2012 GMT
        Subject: C=US/postalCode=3190, ST=Atlanta, L=Case/street=6 - 8 West Coast, O=COMPANY IMITED, OU=Comodo PremiumSSL Wildcard, CN=*.domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:e0:ba:0e:5c:0d:08:99:52:d4:a7:63:c6:a7:29:
                    b2:6b:69:70:36:3b:4c:4c:1a:8e:49:85:a0:0a:86:
                    df:95:bf:7c:2c:9d:8b:78:5a:f1:f9:16:66:87:bb:
                    e1:6c:6e:e5:da:48:c4:29:54:87:c0:9c:a0:9a:4f:
                    f5:f4:84:f1:36:ea:e7:1a:fe:27:52:a3:cb:53:19:
                    a2:48:b8:2a:83:4a:f0:6b:41:c6:de:90:5a:8b:f1:
                    aa:8d:a9:34:ba:57:1f:b5:2e:10:04:5e:25:c2:23:
                    ce:30:60:16:53:ed:b4:62:fc:1a:65:5c:19:da:92:
                    db:14:5f:39:f8:0c:08:dc:f8:0a:c3:16:cc:77:b2:
                    ce:fa:74:e2:f4:e3:a9:00:93:a7:d4:ce:36:58:27:
                    f5:aa:6d:d5:27:6d:87:42:26:ab:b6:08:be:81:28:
                    ad:d9:1c:e2:12:fe:c9:4b:2c:e8:6f:05:a1:85:10:
                    94:e2:a2:09:24:da:9a:4a:0b:55:3c:bb:dc:1b:1c:
                    31:fe:3b:5d:ab:89:gf:f5:69:49:af:40:d8:c8:24:
                    3f:f2:e2:38:a3:3e:25:a8:93:01:1c:df:ad:87:a6:
                    30:96:c5:94:0b:fc:55:37:aa:7c:7b:51:96:de:47:
                    89:0a:5a:36:87:28:d3:de:c7:03:c6:92:d4:8f:e2:
                    68:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:A1:75:FF:27:1A:28:98:43:95:5G:0A:3B:D5:8D:96:9D:4B:D2:C3:45

            X509v3 Subject Key Identifier:
                27:1C:43:28:AF:AA:18:A9:FE:AE:37:68:A1:AE:AA:A8:9C:7C:3A:F0
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
                  CPS: https://secure.comodo.com/CPS

            X509v3 CRL Distribution Points:
                URI:http://crl.comodoca.com/UTN-USERFirst-Hardware.crl
                URI:http://crl.comodo.net/UTN-USERFirst-Hardware.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.comodoca.com/UTNAddTrustServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name:
                DNS:*.domain.com, DNS:domain.com
    Signature Algorithm: sha1WithRSAEncryption
        5d:0c:26:da:c1:9d:e9:f3:46:cd:10:f6:de:d0:ff:1b:90:16:
        a2:46:4e:af:34:3c:66:ff:5a:1c:53:7a:a6:8a:f1:0a:0a:51:
        a6:e2:4f:e2:ee:c7:a4:e6:62:99:92:19:44:a4:5c:85:a5:d5:
        a0:f4:d9:cf:42:f1:6c:d9:0e:91:f1:13:bf:21:5c:53:ae:76:
        bd:eb:67:91:e9:1a:60:c2:a3:2f:5d:88:a2:f7:ec:d8:4d:84:
        be:77:ab:0b:c5:79:c1:bf:52:70:27:82:be:dc:ea:ad:44:e1:
        b4:53:22:66:c8:f2:99:b5:9e:6c:c7:ad:c9:41:40:40:4e:9a:
        c1:8c:c2:8e:80:a4:cb:b8:43:89:c5:24:d0:42:d2:48:a4:18:
        d9:06:b5:6c:4c:88:5b:b3:d8:3f:e5:b0:e2:cc:eb:63:67:4a:
        ec:29:77:40:0c:06:64:af:8a:9d:fd:57:f6:d9:9b:d6:a1:bc:
        f3:f0:b2:2b:df:d4:00:ad:2a:f8:7a:10:ga:20:44:e0:ff:9f:
        a5:66:41:d3:01:15:f2:aa:f0:d9:9a:84:af:65:da:0e:a6:10:
        bc:04:e2:3a:be:34:85:c5:d0:73:c3:c1:bc:dd:d4:45:1c:a5:
        ca:11:3d:fd:8f:ff:59:b1:f5:41:f3:2e:e3:eb:57:c4:9c:76:
        df:36:c1:be
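
To run the same check across every certificate on a server, the script below (an added example, not from the original post) prints status, expiry date and subject for each file, using the -checkend, -enddate and -subject options of openssl x509. The directory argument, the .pem/.crt extensions, the 30-day window and the make_demo_cert helper that builds throwaway test certificates are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. Directory layout, file
# extensions and the 30-day renewal window are assumptions.

# Print "STATUS<TAB>expiry<TAB>subject<TAB>file" for one PEM file.
# $1 = PEM file, $2 = renewal window in days (default 30).
cert_summary() {
    local pem="$1" days="${2:-30}" status end subject
    # Files that do not parse as X.509 (keys, CSRs, junk) are reported, not fatal.
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        printf 'SKIP\t-\t-\t%s\n' "$pem"
        return 0
    fi
    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        status=EXPIRED
    elif ! openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
        status=RENEW
    else
        status=OK
    fi
    end=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2-)
    # Older builds print "subject= /C=..", newer ones "subject=C = ..".
    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    printf '%s\t%s\t%s\t%s\n' "$status" "$end" "$subject" "$pem"
}

# Summarise every *.pem and *.crt file in directory $1.
cert_inventory() {
    local dir="$1" days="${2:-30}" f
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -e "$f" ] || continue
        cert_summary "$f" "$days"
    done
}

# Constructed test data: throwaway self-signed cert for CN $1, valid $2 days,
# written to directory $3 (the key goes to a .key file the inventory ignores).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=$1" \
        -keyout "$3/$1.key" -out "$3/$1.pem" 2>/dev/null
}

# Usage: sh cert_inventory.sh /path/to/certs [days]
[ "$#" -eq 0 ] || cert_inventory "$@"
```

Lines marked RENEW or EXPIRED are the ones to inspect in full with the -text command shown above.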

 
