ar_doc_22 openssl_ECC_enc_dec_signature - JohnHau/mis GitHub Wiki
Useful openssl commands to view certificate content Table of Contents View the content of Private Key View the content of CSR (Certificate Signing Request) View the content of CA certificate View the content of signed Certificate Conclusion In this tutorial I will share openssl commands to view the content of different types of certificates such as
Certificate Signing Request (CSR) Subject Alternative Name (SAN) certificate server or client certificate Certificate Authority (CA)
View the content of Private Key We generate a private key with des3 encryption using following command which will prompt for passphrase:
~]# openssl genrsa -des3 -out ca.key 4096 To view the content of this private key we will use following syntax:
~]# openssl rsa -noout -text -in <PRIVATE_KEY> So in our case the command would be:
~]# openssl rsa -noout -text -in ca.key Sample output from my terminal (output is trimmed):
View the content of CSR (Certificate Signing Request) We can use the following command to generate a CSR using the key we created in the previous example:
~]# openssl req -new -key ca.key -out client.csr Syntax to view the content of this CSR:
~]# openssl req -noout -text -in <CSR_FILE> Sample output from my terminal:
View the content of CA certificate We can use our existing key to generate CA certificate, here ca.cert.pem is the CA certificate file:
~]# openssl req -new -x509 -days 365 -key ca.key -out ca.cert.pem To view the content of CA certificate we will use following syntax:
~]# openssl x509 -noout -text -in <CA_CERTIFICATE> Sample output from my terminal (output is trimmed):
View the content of signed Certificate We can create a server or client certificate using following command using the key, CSR and CA certificate which we have created in this tutorial. Here server.crt is our final signed certificate
~]# openssl x509 -req -days 365 -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt To view the content of similar certificate we can use following syntax:
~]# openssl x509 -noout -text -in Sample output from my server (output is trimmed):
You can use the same command to view SAN (Subject Alternative Name) certificate as well.
Conclusion In this tutorial we learned about openssl commands which can be used to view the content of different kinds of certificates. I have kept the tutorial short and crisp keeping to the point, you may check other articles on openssl in the left sidebar to understand how we can create different kinds of certificates using openssl.