Let's say you have a certificate file, foo.cer. The file command can be used to determine if the file is cleartext or binary. In this example, foo.cer is a cleartext file.
~]# file foo.cer
foo.cer: PEM certificate
In this scenario, the cat command (on Linux) can be used to view the content of foo.cer. Something like this should be returned.
~]# cat foo.cer
-----BEGIN CERTIFICATE-----
MIIGhTCCBW2gAwIBAgITFwAS0Zj4+uylATknJgAAABLRmDANBgkqhkiG9w0BAQsF
ADBMMRQwEgYKCZImiZPyLGQBGRYEY29ycDEYMBYGCgmSJomT8ixkARkWCHRocml2
ysR4VfQLr+A3zbM59CQjewP40y7oFgrpNuj8Hp1AXud3nsakEYFaGcc=
-----END CERTIFICATE-----
When using the openssl command to view the content of foo.cer, you will NOT include the -inform der option, because PEM is the default input format.
openssl x509 -in foo.cer -text -noout
Now let's say the file command shows that foo.cer is a data file.
~]# file foo.cer
foo.cer: data
In this scenario, the cat command cannot be used. Attempting to view the content of foo.cer will probably return mumbo jumbo, something like this.
~]# cat foo.cer
h++-://c_+.+h_i+e++.c-+/ce_+e+_-+
If the file is a data file (binary DER encoding), you will need to include the -inform der option.
openssl x509 -in foo.cer -inform der -text -noout
This should display something like this.
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:00:12:de:98:f8:fa:ec:75:0d:39:27:26:fa:00:00:12:d1:98
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=foo.example.com
        Validity
            Not Before: Apr 27 12:57:49 2020 GMT
            Not After : Apr 27 12:57:49 2022 GMT
        Subject: C=US, ST=WI, L=Appleton, O=Acme, OU=Information Technology, CN=foo.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:example
            X509v3 Subject Key Identifier:
                96:16:15:4D:BF:3C:73:9E:5C:17:28:22:DE:11:81:EE:69:C6:10:E6
            X509v3 Authority Key Identifier:
                keyid:73:BB:DE:B5:54:49:BD:F2:8C:D9:BE:17:04:94:CB:27:B5:5E:84:B9
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example.com/certenroll/example.crl
            Authority Information Access:
                CA Issuers - URI:http://crl.example.com/certenroll/issuer.crt
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            1.4.6.7.4.1.322.21.7:
                0..&+.....7.....C...=...8.......>........V..d...
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            1.4.6.7.4.1.322.21.7:
                0.0
..+.......0
..+.......
    Signature Algorithm: sha256WithRSAEncryption
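The two cases above can be told apart from the file's first bytes rather than from its extension, since .cer and .crt files may hold either encoding. The following is an added example, not part of the original article; cert_format and show_cert are hypothetical helper names, and the sample files are constructed stubs, not real certificates.

```bash
#!/usr/bin/env bash
# Added example. cert_format and show_cert are hypothetical helper names.

# Print "pem", "der" or "unknown" for the file named in $1.
cert_format() {
    [ -r "$1" ] || { echo unknown; return 1; }
    # PEM: Base64 text between BEGIN/END CERTIFICATE marker lines.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem; return 0
    fi
    # DER: raw ASN.1. A certificate is a SEQUENCE (tag 0x30) and is longer
    # than 255 bytes in practice, so its length field starts with 0x82.
    # This is a heuristic: other DER structures also start with 30 82,
    # and openssl still does the real parsing in show_cert.
    if [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \t\n')" = 3082 ]; then
        echo der; return 0
    fi
    echo unknown; return 1
}

# Decode the certificate, passing the detected encoding as -inform.
show_cert() {
    cert_fmt=$(cert_format "$1") || { echo "$1: not PEM or DER" >&2; return 1; }
    openssl x509 -in "$1" -inform "$cert_fmt" -text -noout
}

# Constructed sample input: only the leading bytes of each encoding.
sample_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIB' '-----END CERTIFICATE-----' > "$sample_dir/pem.cer"
printf '\060\202\001\012' > "$sample_dir/der.cer"
for f in "$sample_dir"/*.cer; do
    echo "$(basename "$f"): $(cert_format "$f")"
done
rm -rf "$sample_dir"
```

With openssl installed, running show_cert foo.cer prints the decoded certificate for either encoding without choosing -inform by hand.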