- Посмотреть сертификат p12 linux
- Useful openssl commands to view certificate content
- View the content of CSR (Certificate Signing Request)
- View the content of CA certificate
- View the content of signed Certificate
- Conclusion
- Bash — read *.p12 keystore info
- Practical example
- Alternative titles
- Working with openssl to extract information from a pkcs12 certificate
Посмотреть сертификат p12 linux
Консольная команда openssl может отображать полную информацию для различных типов контейнеров электронной подписи. Вот несколько команд.
Информация о сертификате (для файла *.crt):
openssl x509 -in certificate.crt -text -noout
Информация о приватном ключе (для файла *.key):
openssl rsa -in privateKey.key -check
Информация о файле сертификата PKCS#12 (для *.pfx или *.p12):
openssl pkcs12 -info -in keyStore.p12
Информация о файле CSR запроса (для файла *.csr):
openssl req -text -noout -verify -in CSR.csr
Информацяи о файле PEM-сертификата (для файла *.pem)
openssl x509 -in CERTIFICATE.pem -text -noout
- Установка «John the ripper» под Linux
- AppArmor – песочница для приложений
- Использоватние OpenSSL для шифрования и расшифровки файлов
- Как через OpenSSL посмотреть информацию о сертификате ключа электронной подписи
- Основы работы с OpenSSL
- Линукс — история одного взлома: получение root-доступа через подмену sudo
- Инструкция по установке Крипто-Про УЭК под Linux
- Получение пароля любого пользователя путем сканирования /proc/kcore
- Создание шифрованного раздела в виде файла в Linux
- Использование функции PBKDF2 и другие методы перемешивания битов пароля
- Как с помощью OpenSSL получить информацию о сертификате с HTTPS сайта?
Useful openssl commands to view certificate content
We generate a private key with des3 encryption using following command which will prompt for passphrase:
~]# openssl genrsa -des3 -out ca.key 4096 To view the content of this private key we will use following syntax:
~]# openssl rsa -noout -text -in
So in our case the command would be:
~]# openssl rsa -noout -text -in ca.key Sample output from my terminal (output is trimmed):
View the content of CSR (Certificate Signing Request)
We can use the following command to generate a CSR using the key we created in the previous example:
~]# openssl req -new -key ca.key -out client.csr Syntax to view the content of this CSR:
~]# openssl req -noout -text -in
Sample output from my terminal:
View the content of CA certificate
We can use our existing key to generate CA certificate, here ca.cert.pem is the CA certificate file:
~]# openssl req -new -x509 -days 365 -key ca.key -out ca.cert.pem To view the content of CA certificate we will use following syntax:
~]# openssl x509 -noout -text -in
Sample output from my terminal (output is trimmed):
View the content of signed Certificate
We can create a server or client certificate using following command using the key, CSR and CA certificate which we have created in this tutorial. Here server.crt is our final signed certificate
~]# openssl x509 -req -days 365 -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt To view the content of similar certificate we can use following syntax:
~]# openssl x509 -noout -text -in
Sample output from my server (output is trimmed):
You can use the same command to view SAN (Subject Alternative Name) certificate as well.
Conclusion
In this tutorial we learned about openssl commands which can be used to view the content of different kinds of certificates. I have kept the tutorial short and crisp keeping to the point, you may check other articles on openssl in the left sidebar to understand how we can create different kinds of certificates using openssl.
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Thank You for your support!!
Bash — read *.p12 keystore info
Shri
In this short article, we would like to show how to read information about *.p12 keystore file using openssl command.
openssl pkcs12 -info -in /path/to/keystore_file.p12Practical example
Run the following command:
openssl pkcs12 -info -in /path/to/keystore_file.p12Where: /path/to/keystore_file.p12 should be changed into keystore file that we want to read.
Note: it is necessary to type password to read file (do it after Enter Import Password: message appeard).
Enter Import Password: MAC: sha1, Iteration 2048 MAC length: 20, salt length: 8 PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag Bag Attributes localKeyID: 45 12 22 14 8A F0 84 1F 9B FD 0A F4 B7 36 42 48 29 B3 7B 8E subject=O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate issuer=C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California -----BEGIN CERTIFICATE----- MIIEoDCCA4m9rA3Xr7ISvGhawOYO4wDQYJKoZIigAwIBAgIURCoe1iJ3hvcNAQEL BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw MgYDVQQLE2VydGlmaWNhdGUgQXVytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ0aG9y . m6uDTG1iDPRzRpwlhyLG3xxV5Bm4rdb0a6lQyrMuG/WHGBlMVaw3csfM5KHrVwz/ W9nvxbAJfjIUNttPfJyZM+5l9lCMgOIhr2jhjRepgfyT2cljeab1Gn5dHocuG/Ig MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCsEIHead7OfBIIEyAESSwbs4mXU 9Vb3OehP7nSjyPrgb6jHM8w8CWnB06wuDAyZwGaWYe6JHDLJ -----END CERTIFICATE----- PKCS7 Data Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 Bag Attributes localKeyID: 45 12 22 14 8A F0 84 1F 9B FD 0A F4 B7 36 42 48 29 B3 7B 8E Key Attributes: Enter PEM pass phrase: Verifying - Enter PEM pass phrase: -----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIDwd95onkExYCAggA kzl1Xx59Fm+84ByxwMz7JwLFy/LI5hvhTK85Id+Uff1lVAL+K6hAPGRJgPP0XCse y2+butmmB1wDrTb7UMHqX6yCe4ODZARZmH7lEE0KK8DUF0duev9e8jGupFeX7x82 . pWNvFzbRizAMv5bjP0YOL3yxpnIPDPrpyVD0wCpj/DEWEIB9nxyTdvbrH5crRitJ 41teOi4X9IyqQuB9YobIAkeeuwEtsUkcJ9Gm7x7Csi7oVeV+PFc2cKPbJcBQLixE aXRNvMRMwEQYDVQQIEwpDYWxpZm9yb5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2mlh E2565aVqP7g5gL9F/xXP/A== -----END ENCRYPTED PRIVATE KEY-----Alternative titles
Working with openssl to extract information from a pkcs12 certificate
I would like some help with the openssl command. I need to automate the retrieval of the subject= line in a pkcs12 certificate for a script I’m working on. I’ve used openssl to view the contents of the Identity/Certificate:
openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx But I am prompted three times for the password. I used -passin to eliminate one of the password prompts, but I am still being prompted for the PEM pass phrase and verification entry.
I need to figure out a way to pass $ to the other two password challenges or have the scrip issue a ctl-c. The piece of info I need is outputted to the stdout before the second password prompt. Any help would be appreciated! Obviously I gutted the certificate output for this post. but you should get the idea of what I’m seeing:
bash-3.2# openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx -passin pass:$ MAC Iteration 2048 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag Bag Attributes localKeyID: **** friendlyName: **** subject=**** issuer=**** -----BEGIN CERTIFICATE----- ::HASH REMOVED:: -----END CERTIFICATE----- PKCS7 Data Shrouded Keybag: **** Bag Attributes localKeyID: **** friendlyName: **** Key Attributes: Enter PEM pass phrase: Verifying - Enter PEM pass phrase: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: ::HASH REMOVED:: -----END RSA PRIVATE KEY----- bash-3.2#