Useful OpenSSL command to view Certificate Content


OpenSSL

In this tutorial I will share openssl commands to view the content of different types of certificates such as

  • Certificate Signing Request (CSR)
  • Subject Alternative Name (SAN) certificate
  • server or client certificate
  • Certificate Authority (CA)

 

View the content of Private Key

We generate a private key with des3 encryption using following command which will prompt for passphrase:

~]# openssl genrsa -des3 -out ca.key 4096

To view the content of this private key we will use following syntax:

~]# openssl rsa -noout -text -in <PRIVATE_KEY>

So in our case the command would be:

~]# openssl rsa -noout -text -in ca.key

Sample output from my terminal (output is trimmed):

openssl view certificate
OpenSSL - Private Key File Content

 

View the content of CSR (Certificate Signing Request)

We can use the following command to generate a CSR using the key we created in the previous example:

 ~]# openssl req -new -key ca.key -out client.csr

Syntax to view the content of this CSR:

~]# openssl req -noout -text -in <CSR_FILE>

Sample output from my terminal:

openssl view certificate
OpenSSL - CSR content

 

View the content of CA certificate

We can use our existing key to generate CA certificate, here ca.cert.pem is the CA certificate file:

 ~]# openssl req -new -x509 -days 365 -key ca.key -out ca.cert.pem

To view the content of CA certificate we will use following syntax:

 ~]# openssl x509 -noout -text -in <CA_CERTIFICATE>

Sample output from my terminal (output is trimmed):

openssl view certificate
OpenSSL - CA Certificate content

 

View the content of signed Certificate

We can create a server or client certificate using following command using the key, CSR and CA certificate which we have created in this tutorial. Here server.crt is our final signed certificate

~]# openssl x509 -req -days 365 -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt

To view the content of similar certificate we can use following syntax:

~]# openssl x509 -noout -text -in <CERTIFICATE>

Sample output from my server (output is trimmed):

openssl view certificate
OpenSSL - Certificate content

You can use the same command to view SAN (Subject Alternative Name) certificate as well.

 

Conclusion

In this tutorial we learned about openssl commands which can be used to view the content of different kinds of certificates. I have kept the tutorial short and crisp keeping to the point, you may check other articles on openssl in the left sidebar to understand how we can create different kinds of certificates using openssl.

 

Deepak Prasad

Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment