Hey! I'm available for hire (and I appreciate tips)  



Here's how you can examine the metadata of various TLS RSA certificates (meaning things for HTTPS, SSL, CSR, PEM, etc).

Many thanks to https://www.sslshopper.com/ssl-certificate-tools.html

The Certificate Signing Request

openssl req -text -noout -in ./certs/tmp/my-server.csr.pem

The Certificates

You have info such as the name of the domain, the size of the key, the signer, etc.

openssl x509 -text -noout -in ./certs/server/my-server.crt.pem
openssl x509 -text -noout -in ./certs/ca/intermediate.crt.pem
openssl x509 -text -noout -in ./certs/ca/root.crt.pem

The Key

It's just random giberish garbage, no metadata to speak of... except key size.

openssl rsa -text -noout -in ./certs/server/my-server.key.pem

Verify the key matches the cert

openssl x509 -noout -modulus -in ./certs/server/my-server.crt.pem | openssl sha1
openssl rsa -noout -modulus -in ./certs/server/my-server.key.pem | openssl sha1
openssl req -noout -modulus -in ./certs/tmp/my-server.csr.pem | openssl sha1

Convert to a different format

If you need .der/.cer or .pfx/.p12 you can use the commands seen here: https://www.sslshopper.com/ssl-converter.html


By AJ ONeal

Was this useful to you? Share it!

Also, you can give me a tip or hire me.


Published

2015-6-9

Categories


Tags