An SSL certificate contains information about the subject to whom the certificate has been issued. It also contains public key. This tutorial demonstrates how to extract the public key from an SSL certificate using OpenSSL.
Let's say we have the following certificate:
-----BEGIN CERTIFICATE-----
MIICBzCCAbGgAwIBAgIUblsRRtsMLsqKSXHL3OeHVDTAaAkwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDFRlc3QgQ29tcGFueTEfMB0GA1UE
CwwWVGVzdCBPcmdhbml6YXRpb24gVW5pdDERMA8GA1UEAwwIdGVzdC5jb20wHhcN
MjIwNzE4MDEzMDMwWhcNMjMwNzE4MDEzMDMwWjBYMQswCQYDVQQGEwJVUzEVMBMG
A1UECgwMVGVzdCBDb21wYW55MR8wHQYDVQQLDBZUZXN0IE9yZ2FuaXphdGlvbiBV
bml0MREwDwYDVQQDDAh0ZXN0LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDf
6LwJoaDTpxNlaCXlLp6RAfgsE8j2yiPFZ0Pqy2u+a4gbZn2KxnVA/Ar/6foqC/Os
cEr1/h2F55D33xF3OyJVAgMBAAGjUzBRMB0GA1UdDgQWBBR01dWXvKnNVQl97YZP
vnpvtsFb7jAfBgNVHSMEGDAWgBR01dWXvKnNVQl97YZPvnpvtsFb7jAPBgNVHRMB
Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAOeLvRxxC+WnhnBaURnyhWM1aHP6j
WYXSGiQh6VA6vxoShAUFd56anAT7LfX6wJdnDJrtHkaK2zK6JM7mxqF79w==
-----END CERTIFICATE-----The openssl x509 command can be used to process the certificates. Run the following command to extract public key from certificate:
openssl x509 -in test.crt -pubkey -noout -out test.pubThe meaning of options:
-in test.crt- specifies the filename to read a certificate.-pubkey- outputs public key.-noout- specifies that an encoded version of the certificate should not be included in output.-out test.pub- specifies where public key should be saved.
Result:
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN/ovAmhoNOnE2VoJeUunpEB+CwTyPbK
I8VnQ+rLa75riBtmfYrGdUD8Cv/p+ioL86xwSvX+HYXnkPffEXc7IlUCAwEAAQ==
-----END PUBLIC KEY-----
Leave a Comment
Cancel reply