How to examine the metadata of an SSL (HTTPS/TLS) cert
Published 2015-6-9Here's how you can examine the metadata of various TLS RSA certificates (meaning things for HTTPS, SSL, CSR, PEM, etc).
Many thanks to https://www.sslshopper.com/ssl-certificate-tools.html
The Certificate Signing Request
openssl req -text -noout -in ./certs/tmp/my-server.csr.pem
The Certificates
You have info such as the name of the domain, the size of the key, the signer, etc.
openssl x509 -text -noout -in ./certs/server/my-server.crt.pem
openssl x509 -text -noout -in ./certs/ca/intermediate.crt.pem
openssl x509 -text -noout -in ./certs/ca/root.crt.pem
The Key
It's just random giberish garbage, no metadata to speak of... except key size.
openssl rsa -text -noout -in ./certs/server/my-server.key.pem
Verify the key matches the cert
openssl x509 -noout -modulus -in ./certs/server/my-server.crt.pem | openssl sha1
openssl rsa -noout -modulus -in ./certs/server/my-server.key.pem | openssl sha1
openssl req -noout -modulus -in ./certs/tmp/my-server.csr.pem | openssl sha1
Convert to a different format
If you need .der/.cer or .pfx/.p12 you can use the commands seen here: https://www.sslshopper.com/ssl-converter.html
By AJ ONeal
Thanks!
It's really motivating to know that people like you are benefiting
from what I'm doing and want more of it. :)
Did I make your day?
Buy me a coffee
(you can learn about the bigger picture I'm working towards on my patreon page )