openssl : Extraire les informations d'un certificat

La commande suivante affiche toutes les informations du certificat indiqué :

$ openssl x509 -text -in mycert.pem

Qui a émis le certificat ?

$ openssl x509 -noout -in mycert.pem -issuer
issuer= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com

Pour qui a-t-il été émis ?

$ openssl x509 -noout -in mycert.pem -subject
subject= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com

Quelle est sa période de validité ?

$ openssl x509 -noout -in mycert.pem -dates
notBefore=Apr  9 15:28:28 2013 GMT
notAfter=Apr  9 15:28:28 2014 GMT

Toutes les infos précédentes :

$ openssl x509 -noout -in mycert.pem -issuer -subject -dates
issuer= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com
subject= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com
notBefore=Apr  9 15:28:28 2013 GMT
notAfter=Apr  9 15:28:28 2014 GMT

Quelle est sa valeur de hachage ?

$ openssl x509 -noout -in mycert.pem -hash
bf163efd

Quelle est son empreinte MD5 ?

$ openssl x509 -noout -in mycert.pem -fingerprint
SHA1 Fingerprint=C1:CD:DD:29:D1:8D:23:63:6D:3F:71:AD:7E:29:DE:26:FF:D4:11:17

Et à partir d'un certificat d'un site internet (plus de détail openssl : Récupérer un certificat distant)

$ echo | openssl s_client -connect quennec.fr:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout -in -

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f8:64:c9:8c:bb:f8:c9:6a:fd:3f:b9:b2:42:a0:c5:9c:ab
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Mar 11 07:02:14 2024 GMT
            Not After : Jun  9 07:02:13 2024 GMT
        Subject: CN = quennec.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d3:a3:d3:f3:2c:f8:75:d0:71:5f:8f:8d:c4:
                    ...
                    83:f0:69:50:7a:fe:ce:a5:48:64:e1:5a:41:a0:a3:
                    8b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                F0:5D:1D:A5:87:7D:61:1D:AB:74:A4:DE:14:34:F4:D7:3A:52:56:F5
            X509v3 Authority Key Identifier:
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

            Authority Information Access:
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/

            X509v3 Subject Alternative Name:
                DNS:*.quennec.fr, DNS:quennec.fr
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Mar 11 08:02:14.835 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C6:D5:B3:6D:A4:45:49:25:9B:47:C9:
                                21:20:61:57:67:E9:EB:5A:EB:3F:80:87:3E:EF:41:F6:
                                7C:CD:2C:46:61:02:21:00:D8:27:12:05:AF:5E:9A:0D:
                                91:E9:DA:C5:5A:27:27:25:1D:31:56:A3:6D:4D:26:21:
                                5D:E9:08:B0:5F:1E:5F:88
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Mar 11 08:02:14.890 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:41:9E:16:0F:BF:95:4F:FA:23:4F:A4:06:
                                ...
                                0F:CB:99:8B:E9:87
    Signature Algorithm: sha256WithRSAEncryption
         0c:dd:53:bc:97:e0:18:39:94:19:fa:28:7c:67:b9:35:a4:ca:
         ...
         04:ee:d9:9

 

Etiquettes: