Посмотреть pem сертификат linux

How can I check if the certificate file I have is in .pem format?

I have a root cert file and I don’t know whether or not it is in .pem format. How do I check if it is in .pem format?

7 Answers 7

Quote from the support page:

View ==== Even though PEM encoded certificates are ASCII they are not human readable. Here are some commands that will let you output the contents of a certificate in human readable form; View PEM encoded certificate ---------------------------- Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate openssl x509 -in cert.pem -text -noout openssl x509 -in cert.cer -text -noout openssl x509 -in cert.crt -text -noout If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below” unable to load certificate 12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE View DER encoded Certificate View DER encoded Certificate ---------------------------- openssl x509 -in certificate.der -inform der -text -noout If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above unable to load certificate 13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306: 13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509 

Источник

How to view the contents of a .pem certificate?

I am using Java keytool . I have exported a self-signed .pem certificate from my keystore. Is there a command to view the certificate details directly from the .pem file (not of the certificate in the keystore)?

Читайте также:  Линукс под сенсорный экран

3 Answers 3

An alternative to using keytool , you can use the command

openssl x509 -in certificate.pem -text 

This should work for any x509 .pem file provided you have openssl installed.

Actually, keytool errored out with java.lang.Exception: Failed to parse input for some pems, but this worked for all of them

In my case I had to change «x509» with «rsa» so I guess it depends on the .pem contents. I used file command to know that it was «rsa» and not «x509» (e.g. file xyz.pem ).

@megatux a PEM file can contain a few different types of data x509 is the format for certificates, rsa is the format for a public/private key pair.

For shorter text-output try: openssl x509 -in certificate.pem -text -noout — This will omit the last ~ 40 lines of text from the output ( BEGIN CERTIFICATE . END CERTIFICATE stuff)

Use the -printcert command like this:

keytool -printcert -file certificate.pem 

@Maximilian it may happen on APNS certificates, which combines private key & certificate into one .pem . Separate them into 2 files using text editor and the above command will work. (Hint: copy — BEGIN CERTIFICATE — line to — END CERTIFICATE — line to new file)

Источник

How do I display the contents of a SSL certificate?

You can display the contents of a PEM formatted certificate under Linux, using openssl:

$ openssl x509 -in acs.cdroutertest.com.pem -text 

The output of the above command should look something like this:

cdrouter@linux:/usr/cdrouter/tests> openssl x509 -in acs.cdroutertest.com.pem -text Certificate:  Data:  Version: 3 (0x2)  Serial Number:  04:7a:f7:95:47:c0:7d:0f:ef:80:a5:b2:1f:51:e3:63  Signature Algorithm: sha256WithRSAEncryption  Issuer: C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA  Validity  Not Before: Mar 12 00:00:00 2018 GMT  Not After : Mar 11 23:59:59 2020 GMT  Subject: OU = Domain Control Validated, OU = PositiveSSL, CN = acs.cdroutertest.com  Subject Public Key Info:  Public Key Algorithm: rsaEncryption  Public-Key: (2048 bit)  Modulus:  00:eb:fe:b5:1a:16:0d:49:3f:15:18:99:44:eb:63:  ef:e4:7e:de:f7:91:2a:2f:3c:9d:43:57:62:52:92:  17:a6:48:0b:de:86:43:6b:77:5c:77:9d:05:6c:64:  eb:96:fa:97:c8:f9:93:3e:72:3c:c4:84:f3:e2:98:  60:9c:17:92:bf:01:12:a3:20:69:19:16:39:1c:48:  0b:e0:db:e2:bc:d0:48:57:4d:a6:0d:1a:a1:3a:51:  25:b5:d9:1c:61:ba:34:b7:76:56:15:72:7e:69:eb:  07:0f:20:3e:f9:41:56:8b:1b:51:eb:55:cd:9c:61:  a1:c8:a1:42:1f:6e:87:5e:a1:1b:68:11:e5:4e:66:  36:7c:4a:2c:23:e4:98:71:31:f7:0c:28:ee:1d:65:  99:1d:1f:40:1e:da:b5:a4:de:5b:6d:8d:c3:35:3b:  06:b4:5d:82:a6:61:27:29:25:ab:71:12:71:9c:0c:  f6:68:c1:54:58:3a:1d:a1:ce:ea:10:a6:2d:e0:4a:  f5:f4:45:b4:2d:25:37:f5:0e:b2:c3:03:1f:35:73:  59:46:36:6a:73:a2:2c:3f:70:c8:e4:26:49:a3:20:  8f:38:7c:55:d0:2e:f5:8a:24:00:7b:ce:36:8d:60:  5a:7b:c5:4b:66:cd:49:d0:e6:51:6d:b5:9e:a8:68:  06:79  Exponent: 65537 (0x10001)  X509v3 extensions:  X509v3 Authority Key Identifier:  keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7   X509v3 Subject Key Identifier:  CC:31:0F:36:85:92:91:A8:0D:61:46:9E:9C:FE:9E:23:42:B9:D6:92  X509v3 Key Usage: critical  Digital Signature, Key Encipherment  X509v3 Basic Constraints: critical  CA:FALSE  X509v3 Extended Key Usage:  TLS Web Server Authentication, TLS Web Client Authentication  X509v3 Certificate Policies:  Policy: 1.3.6.1.4.1.6449.1.2.2.7  CPS: https://secure.comodo.com/CPS  Policy: 2.23.140.1.2.1   X509v3 CRL Distribution Points:   Full Name:  URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl   Authority Information Access:  CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt  OCSP - URI:http://ocsp.comodoca.com   X509v3 Subject Alternative Name:  DNS:acs.cdroutertest.com, DNS:www.acs.cdroutertest.com  Signature Algorithm: sha256WithRSAEncryption  44:fd:29:96:b3:ca:c9:b6:10:5e:74:40:14:6a:a0:c4:41:21:  5b:16:0b:e2:13:eb:8a:25:19:5f:30:73:0f:2b:9e:68:7b:67:  3b:71:db:a3:72:91:52:db:02:8c:13:b3:fd:71:2e:4a:4c:d1:  02:6e:7e:1f:0e:0a:cf:bb:29:71:91:42:8a:e8:68:8f:a2:b4:  d6:52:e4:f4:93:df:13:98:a4:58:e6:77:e4:78:86:ae:ad:73:  b7:6d:43:25:dd:1f:92:c0:36:97:04:2a:87:40:87:16:16:c3:  79:13:10:a2:2e:a0:cb:27:0f:ee:c6:5a:1a:5b:55:5b:b7:9d:  20:12:7c:8b:0d:20:32:3e:8c:c1:5a:56:31:27:0e:fb:4c:d7:  7a:ad:c5:22:58:ad:97:c7:bd:75:14:bb:e7:58:f5:c8:f6:49:  f8:43:68:13:2e:d4:3a:67:02:13:e8:35:50:05:df:d9:32:90:  e1:c6:bb:b0:aa:52:fb:4f:1f:92:dd:d3:55:7a:28:67:91:be:  c0:5c:b7:7b:74:37:0e:d8:69:36:f5:74:b9:a3:61:7c:29:31:  3e:8b:51:a2:df:fc:f4:dc:48:93:46:c9:b2:35:30:6c:48:66:  2a:6e:f5:6f:17:d7:2b:07:b4:c4:b9:67:65:67:1a:d8:76:80:  8f:ff:fd:ef -----BEGIN CERTIFICATE----- MIIFTjCCBDagAwIBAgIQBHr3lUfAfQ/vgKWyH1HjYzANBgkqhkiG9w0BAQsFADCB kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD QTAeFw0xODAzMTIwMDAwMDBaFw0yMDAzMTEyMzU5NTlaMFIxITAfBgNVBAsTGERv bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxFzAV BgNVBAMTDmFjcy5xYWNhZmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA6/61GhYNST8VGJlE62Pv5H7e95EqLzydQ1diUpIXpkgL3oZDa3dcd50F bGTrlvqXyPmTPnI8xITz4phgnBeSvwESoyBpGRY5HEgL4NvivNBIV02mDRqhOlEl tdkcYbo0t3ZWFXJ+aesHDyA++UFWixtR61XNnGGhyKFCH26HXqEbaBHlTmY2fEos I+SYcTH3DCjuHWWZHR9AHtq1pN5bbY3DNTsGtF2CpmEnKSWrcRJxnAz2aMFUWDod oc7qEKYt4Er19EW0LSU39Q6ywwMfNXNZRjZqc6IsP3DI5CZJoyCPOHxV0C71iiQA e842jWBae8VLZs1J0OZRbbWeqGgGeQIDAQABo4IB3zCCAdswHwYDVR0jBBgwFoAU kK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFMwxDzaFkpGoDWFGnpz+niNC udaSMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG AQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYI KwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAEC ATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01P RE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEF BQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NP TU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYB BQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAtBgNVHREEJjAkgg5hY3Mu cWFjYWZlLmNvbYISd3d3LmFjcy5xYWNhZmUuY29tMA0GCSqGSIb3DQEBCwUAA4IB AQBE/SmWs8rJthBedEAUaqDEQSFbFgviE+uKJRlfMHMPK55oe2c7cdujcpFS2wKM E7P9cS5KTNECbn4fDgrPuylxkUKK6GiPorTWUuT0k98TmKRY5nfkeIaurXO3bUMl 3R+SwDaXBCqHQIcWFsN5ExCiLqDLJw/uxloaW1Vbt50gEnyLDSAyPozBWlYxJw77 TNd6rcUiWK2Xx711FLvnWPXI9kn4Q2gTLtQ6ZwIT6DVQBd/ZMpDhxruwqlL7Tx+S 3dNVeihnkb7AXLd7dDcO2Gk29XS5o2F8KTE+i1Gi3/z03EiTRsmyNTBsSGYqbvVv F9crB7TEuWdlZxrYdoCP//3v -----END CERTIFICATE----- 

Likewise, you can display the contents of a DER formatted certificate using this command:

$ openssl x509 -in MYCERT.der -inform der -text 

Источник

Оцените статью
Adblock
detector