Useful OpenSSL command to view Certificate Content

In security | Tags: #openssl, #ssl certificate
Useful OpenSSL command to view Certificate Content

In this tutorial I will share openssl commands to view the content of different types of certificates such as

  • Certificate Signing Request (CSR)
  • Subject Alternative Name (SAN) certificate
  • server or client certificate
  • Certificate Authority (CA)

View the content of Private Key

We generate a private key with des3 encryption using following command which will prompt for passphrase:

text 
~]# openssl genrsa -des3 -out ca.key 4096

To view the content of this private key we will use following syntax:

text 
~]# openssl rsa -noout -text -in <PRIVATE_KEY>

So in our case the command would be:

text 
~]# openssl rsa -noout -text -in ca.key

Sample output from my terminal (output is trimmed):

openssl view certificate

OpenSSL - Private Key File Content

View the content of CSR (Certificate Signing Request)

We can use the following command to generate a CSR using the key we created in the previous example:

text 
 ~]# openssl req -new -key ca.key -out client.csr

Syntax to view the content of this CSR:

text 
~]# openssl req -noout -text -in <CSR_FILE>

Sample output from my terminal:

openssl view certificate

OpenSSL - CSR content

View the content of CA certificate

We can use our existing key to generate CA certificate, here ca.cert.pem is the CA certificate file:

text 
 ~]# openssl req -new -x509 -days 365 -key ca.key -out ca.cert.pem

To view the content of CA certificate we will use following syntax:

text 
 ~]# openssl x509 -noout -text -in <CA_CERTIFICATE>

Sample output from my terminal (output is trimmed):

openssl view certificate

OpenSSL - CA Certificate content

View the content of signed Certificate

We can create a server or client certificate using following command using the key, CSR and CA certificate which we have created in this tutorial. Here server.crt is our final signed certificate

text 
~]# openssl x509 -req -days 365 -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt

To view the content of similar certificate we can use following syntax:

text 
~]# openssl x509 -noout -text -in <CERTIFICATE>

Sample output from my server (output is trimmed):

openssl view certificate

OpenSSL - Certificate content

You can use the same command to view SAN (Subject Alternative Name) certificate as well.

Conclusion

In this tutorial we learned about openssl commands which can be used to view the content of different kinds of certificates. I have kept the tutorial short and crisp keeping to the point, you may check other articles on openssl in the left sidebar to understand how we can create different kinds of certificates using openssl.

Deepak Prasad

Deepak Prasad

R&D Engineer

Founder of GoLinuxCloud with over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels across development, DevOps, networking, and security, delivering robust and efficient solutions for diverse projects.

View all posts →

Related Articles

How to revoke missing/lost certificate OpenSSL [Step-by-Step]

How to revoke missing/lost certificate OpenSSL [Step-by-Step]

Generate duplicate certificates OpenSSL CA [Same CN]

Generate duplicate certificates OpenSSL CA [Same CN]

How to add X.509 extensions to certificate OpenSSL

How to add X.509 extensions to certificate OpenSSL

openssl ca vs openssl x509 comparison [With Examples]

openssl ca vs openssl x509 comparison [With Examples]

How to manually expire any certificate OpenSSL

How to manually expire any certificate OpenSSL

Things to consider when creating CSR with OpenSSL

Things to consider when creating CSR with OpenSSL

Shell script to generate certificate OpenSSL [No Prompts]

Shell script to generate certificate OpenSSL [No Prompts]

Renew self-signed certificate OpenSSL [Step-by-Step]

Renew self-signed certificate OpenSSL [Step-by-Step]