Here's how you can examine the metadata of various TLS RSA certificates (meaning things for HTTPS, SSL, CSR, PEM, etc).

Many thanks to

The Certificate Signing Request

openssl req -text -noout -in ./certs/tmp/my-server.csr.pem

The Certificates

You have info such as the name of the domain, the size of the key, the signer, etc.

openssl x509 -text -noout -in ./certs/server/my-server.crt.pem
openssl x509 -text -noout -in ./certs/ca/intermediate.crt.pem
openssl x509 -text -noout -in ./certs/ca/root.crt.pem

The Key

It's just random giberish garbage, no metadata to speak of... except key size.

openssl rsa -text -noout -in ./certs/server/my-server.key.pem

Verify the key matches the cert

openssl x509 -noout -modulus -in ./certs/server/my-server.crt.pem | openssl sha1
openssl rsa -noout -modulus -in ./certs/server/my-server.key.pem | openssl sha1
openssl req -noout -modulus -in ./certs/tmp/my-server.csr.pem | openssl sha1

Convert to a different format

If you need .der/.cer or .pfx/.p12 you can use the commands seen here:

By AJ ONeal

If you loved this and want more like it, sign up!

Did I make your day?
Buy me a coffeeBuy me a coffee  

(you can learn about the bigger picture I'm working towards on my patreon page )