Bootstrap FreeKB - OpenSSL - Display CER CRT PEM file data
OpenSSL - Display CER CRT PEM file data

Updated:   |  OpenSSL articles

Let's say you have a certificate file, foo.cer. The file command can be used to determine if the file is cleartext or binary. In this example, foo.cer is a cleartext file.

~]# file foo.cer
foo.cer: PEM certificate

 

In this scenario, the cat command (on Linux) can be used to view the content of foo.cer. Something like this should be returned.

~]# cat foo.cer
-----BEGIN CERTIFICATE-----
MIIGhTCCBW2gAwIBAgITFwAS0Zj4+uylATknJgAAABLRmDANBgkqhkiG9w0BAQsF
ADBMMRQwEgYKCZImiZPyLGQBGRYEY29ycDEYMBYGCgmSJomT8ixkARkWCHRocml2
ysR4VfQLr+A3zbM59CQjewP40y7oFgrpNuj8Hp1AXud3nsakEYFaGcc=
-----END CERTIFICATE-----

 

And when using the openssl command to view the content of foo.cer you will NOT include the -inform der option.

openssl x509 -in example.crt -text -noout 

 

Let's say the file command shows that foo.cer is a data file.

~]# file foo.file
foo.file: data

 

In this scenario, the cat command cannot be used. Attempting to view the content of foo.file will probably return mumbo jumbo, something like this.

~]# cat foo.file
h++-://c_+.+h_i+e++.c-+/ce_+e+_-+

 

If the file is a data file, you will need to include the -inform der option.

openssl x509 -in example.crt -inform der -text -noout

 

Which should display something like this.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:00:12:de:98:f8:fa:ec:75:0d:39:27:26:fa:00:00:12:d1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=foo.example.com
        Validity
            Not Before: Apr 27 12:57:49 2020 GMT
            Not After : Apr 27 12:57:49 2022 GMT
        Subject: C=US, ST=WI, L=Appleton, O=Acme, OU=Information Technology, CN=foo.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d5:28:83:30:ca:eb:5b:42:1d:49:f1:eb:73:ca:
                    ec:cc:6c:13:f5:f3:72:73:95:0a:45:8c:20:be:d4:
                    fb:c6:c9:e2:02:05:bf:9e:7d:f6:96:ed:0f:64:22:
                    29:57:68:87:88:a3:40:af:18:49:62:40:f9:b8:fc:
                    b1:ec:9f:97:c2:28:62:8c:f7:3b:13:4b:0c:04:76:
                    13:af:6d:33:27:08:3c:bd:cc:e2:a9:c9:a8:71:85:
                    82:e4:38:17:1b:2f:cf:42:30:fb:78:4a:13:c8:63:
                    cc:0c:bc:66:56:1e:33:e9:48:2e:86:98:24:61:d0:
                    4a:9e:25:6f:54:9e:d1:b2:1a:83:f3:2c:a4:c1:3c:
                    77:45:2f:6c:c1:af:e1:35:97:15:51:2d:bd:8f:52:
                    4b:8d:2a:48:47:65:90:ee:6a:27:a2:ae:96:63:a5:
                    f6:f6:62:87:f7:f7:74:9f:a3:ea:0a:db:4d:83:99:
                    3b:f2:46:22:5e:f2:32:40:07:d2:84:4c:91:a1:40:
                    7c:1c:e8:64:fa:e9:b0:62:b5:84:ab:76:6c:8c:03:
                    d9:0d:26:1e:23:bb:c0:33:12:97:79:6e:14:b8:11:
                    07:ed:9e:95:d8:bc:6f:6b:8c:6c:35:c8:4b:12:fb:
                    7d:85:78:0f:c0:d2:df:9c:d9:2b:da:ee:0e:b6:bd:
                    d3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:example
            X509v3 Subject Key Identifier: 
                96:16:15:4D:BF:3C:73:9E:5C:17:28:22:DE:11:81:EE:69:C6:10:E6
            X509v3 Authority Key Identifier: 
                keyid:73:BB:DE:B5:54:49:BD:F2:8C:D9:BE:17:04:94:CB:27:B5:5E:84:B9

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.example.com/certenroll/example.crl
                  
            Authority Information Access: 
                CA Issuers - URI:http://crl.example.com/certenroll/issuer.crt

            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            1.4.6.7.4.1.322.21.7: 
                0..&+.....7.....C...=...8.......>........V..d...
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            1.4.6.7.4.1.322.21.7: 
                0.0
..+.......0
..+.......
    Signature Algorithm: sha256WithRSAEncryption
         9e:07:5c:78:52:bb:ac:d9:a3:ce:43:66:cc:c2:1e:cf:af:de:
         45:ad:b1:bd:cb:1e:45:9b:4a:ae:48:03:25:81:93:1f:11:1a:
         ee:0b:c9:70:f4:d1:9d:d7:8f:02:fc:56:46:3a:5e:97:82:3e:
         7b:d7:d4:4c:96:9e:16:91:bb:d9:80:18:b7:84:bf:3f:23:b3:
         78:37:bd:fc:da:32:0d:42:1f:1f:d3:07:5a:87:f9:b6:56:dc:
         46:d3:48:a2:69:50:0e:89:6c:c4:70:c4:bf:3e:5f:d1:2a:86:
         f8:9e:27:27:a2:7f:b2:71:ca:b7:e4:73:51:2e:06:fc:0a:af:
         a9:aa:c7:c1:69:4b:78:b1:a9:10:6d:e5:d5:76:da:21:30:32:
         2e:aa:51:78:66:59:16:fe:66:4e:47:32:e9:89:91:eb:96:c6:
         c9:84:71:c0:af:ed:d6:78:aa:d1:89:b7:c4:98:2c:f4:40:03:
         13:07:1a:75:cc:f3:d0:5e:63:c2:a6:75:b7:de:14:ec:83:02:
         63:17:13:0b:c1:dc:ad:f3:29:0f:1a:4d:1e:fc:d4:15:af:ca:
         c4:78:55:f4:db:af:e0:37:cd:b3:39:f4:24:23:7b:03:f8:d3:
         2e:e8:16:0a:e9:36:e8:fc:1e:9d:40:5e:e7:77:9e:c6:a4:11:
         81:5a:19:c7

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter e0f240 in the box below so that we can be sure you are a human.