SSL certificate contains information about subject to whom the certificate has been issued. It includes organization name, organizational unit name, common name, etc. SSL certificate also contains serial number, expiration date of the certificate, public key, signature, etc. This tutorial shows how to decode SSL certificate using OpenSSL.
Let's say we have the following certificate:
-----BEGIN CERTIFICATE-----
MIICBzCCAbGgAwIBAgIUblsRRtsMLsqKSXHL3OeHVDTAaAkwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDFRlc3QgQ29tcGFueTEfMB0GA1UE
CwwWVGVzdCBPcmdhbml6YXRpb24gVW5pdDERMA8GA1UEAwwIdGVzdC5jb20wHhcN
MjIwNzE4MDEzMDMwWhcNMjMwNzE4MDEzMDMwWjBYMQswCQYDVQQGEwJVUzEVMBMG
A1UECgwMVGVzdCBDb21wYW55MR8wHQYDVQQLDBZUZXN0IE9yZ2FuaXphdGlvbiBV
bml0MREwDwYDVQQDDAh0ZXN0LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDf
6LwJoaDTpxNlaCXlLp6RAfgsE8j2yiPFZ0Pqy2u+a4gbZn2KxnVA/Ar/6foqC/Os
cEr1/h2F55D33xF3OyJVAgMBAAGjUzBRMB0GA1UdDgQWBBR01dWXvKnNVQl97YZP
vnpvtsFb7jAfBgNVHSMEGDAWgBR01dWXvKnNVQl97YZPvnpvtsFb7jAPBgNVHRMB
Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAOeLvRxxC+WnhnBaURnyhWM1aHP6j
WYXSGiQh6VA6vxoShAUFd56anAT7LfX6wJdnDJrtHkaK2zK6JM7mxqF79w==
-----END CERTIFICATE-----The openssl x509 command can be used to decode certificate.
openssl x509 -in test.crt -text -nooutThe meaning of options:
-in test.crt- specifies the filename to read a certificate.-text- specifies that information should be printed in text form.-noout- specifies that encoded version of the certificate should not be included in output.
A part of the output:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:5b:11:46:db:0c:2e:ca:8a:49:71:cb:dc:e7:87:54:34:c0:68:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Test Company, OU = Test Organization Unit, CN = test.com
Validity
Not Before: Jul 18 01:30:30 2022 GMT
Not After : Jul 18 01:30:30 2023 GMT
Subject: C = US, O = Test Company, OU = Test Organization Unit, CN = test.com
...
Leave a Comment
Cancel reply