Useful openssl commands to view certificate content

In this tutorial I will share openssl commands to view the content of different types of certificates such as

  • Certificate Signing Request (CSR)
  • Subject Alternative Name (SAN) certificate
  • server or client certificate
  • Certificate Authority (CA)

 

View the content of Private Key

We generate a private key with des3 encryption using following command which will prompt for passphrase:

~]# openssl genrsa -des3 -out ca.key 4096

To view the content of this private key we will use following syntax:

~]# openssl rsa -noout -text -in <PRIVATE_KEY>

So in our case the command would be:

~]# openssl rsa -noout -text -in ca.key

Sample output from my terminal (output is trimmed):

openssl view certificate
OpenSSL - Private Key File Content

 

View the content of CSR (Certificate Signing Request)

We can use the following command to generate a CSR using the key we created in the previous example:

 ~]# openssl req -new -key ca.key -out client.csr

Syntax to view the content of this CSR:

~]# openssl req -noout -text -in <CSR_FILE>

Sample output from my terminal:

openssl view certificate
OpenSSL - CSR content

 

View the content of CA certificate

We can use our existing key to generate CA certificate, here ca.cert.pem is the CA certificate file:

 ~]# openssl req -new -x509 -days 365 -key ca.key -out ca.cert.pem

To view the content of CA certificate we will use following syntax:

 ~]# openssl x509 -noout -text -in <CA_CERTIFICATE>

Sample output from my terminal (output is trimmed):

openssl view certificate
OpenSSL - CA Certificate content

 

View the content of signed Certificate

We can create a server or client certificate using following command using the key, CSR and CA certificate which we have created in this tutorial. Here server.crt is our final signed certificate

~]# openssl x509 -req -days 365 -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt

To view the content of similar certificate we can use following syntax:

~]# openssl x509 -noout -text -in <CERTIFICATE>

Sample output from my server (output is trimmed):

openssl view certificate
OpenSSL - Certificate content

You can use the same command to view SAN (Subject Alternative Name) certificate as well.

 

Conclusion

In this tutorial we learned about openssl commands which can be used to view the content of different kinds of certificates. I have kept the tutorial short and crisp keeping to the point, you may check other articles on openssl in the left sidebar to understand how we can create different kinds of certificates using openssl.

Leave a Comment

Please use shortcodes <pre class=comments>your code</pre> for syntax highlighting when adding code.