In this tutorial I will share openssl commands to view the content of different types of certificates such as
- Certificate Signing Request (CSR)
- Subject Alternative Name (SAN) certificate
- server or client certificate
- Certificate Authority (CA)
View the content of Private Key
We generate a private key with des3
encryption using following command which will prompt for passphrase:
~]# openssl genrsa -des3 -out ca.key 4096
To view the content of this private key we will use following syntax:
~]# openssl rsa -noout -text -in <PRIVATE_KEY>
So in our case the command would be:
~]# openssl rsa -noout -text -in ca.key
Sample output from my terminal (output is trimmed):
View the content of CSR (Certificate Signing Request)
We can use the following command to generate a CSR using the key we created in the previous example:
~]# openssl req -new -key ca.key -out client.csr
Syntax to view the content of this CSR:
~]# openssl req -noout -text -in <CSR_FILE>
Sample output from my terminal:
View the content of CA certificate
We can use our existing key to generate CA certificate, here ca.cert.pem
is the CA certificate file:
~]# openssl req -new -x509 -days 365 -key ca.key -out ca.cert.pem
To view the content of CA certificate we will use following syntax:
~]# openssl x509 -noout -text -in <CA_CERTIFICATE>
Sample output from my terminal (output is trimmed):
View the content of signed Certificate
We can create a server or client certificate using following command using the key, CSR and CA certificate which we have created in this tutorial. Here server.crt is our final signed certificate
~]# openssl x509 -req -days 365 -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt
To view the content of similar certificate we can use following syntax:
~]# openssl x509 -noout -text -in <CERTIFICATE>
Sample output from my server (output is trimmed):
You can use the same command to view SAN (Subject Alternative Name) certificate as well.
Conclusion
In this tutorial we learned about openssl commands which can be used to view the content of different kinds of certificates. I have kept the tutorial short and crisp keeping to the point, you may check other articles on openssl in the left sidebar to understand how we can create different kinds of certificates using openssl.