La commande suivante affiche toutes les informations du certificat indiqué :
$ openssl x509 -text -in mycert.pem
Qui a émis le certificat ?
$ openssl x509 -noout -in mycert.pem -issuer
issuer= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com
Pour qui a-t-il été émis ?
$ openssl x509 -noout -in mycert.pem -subject
subject= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com
Quelle est sa période de validité ?
$ openssl x509 -noout -in mycert.pem -dates
notBefore=Apr 9 15:28:28 2013 GMT notAfter=Apr 9 15:28:28 2014 GMT
Toutes les infos précédentes :
$ openssl x509 -noout -in mycert.pem -issuer -subject -dates
issuer= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com subject= /C=FR/ST=Loire Atlantique/L=Ancenis/CN=www.monsite.fr/emailAddress=toto@gmail.com notBefore=Apr 9 15:28:28 2013 GMT notAfter=Apr 9 15:28:28 2014 GMT
Quelle est sa valeur de hachage ?
$ openssl x509 -noout -in mycert.pem -hash
bf163efd
Quelle est son empreinte MD5 ?
$ openssl x509 -noout -in mycert.pem -fingerprint
SHA1 Fingerprint=C1:CD:DD:29:D1:8D:23:63:6D:3F:71:AD:7E:29:DE:26:FF:D4:11:17
Et à partir d'un certificat d'un site internet (plus de détail openssl : Récupérer un certificat distant)
$ echo | openssl s_client -connect quennec.fr:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:25:88:6d:14:fd:3c:f6:8c:b0:5d:c8:e1:72:85:1f:91:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R10
Validity
Not Before: Mar 24 07:04:12 2025 GMT
Not After : Jun 22 07:04:11 2025 GMT
Subject: CN = quennec.fr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:92:99:4e:a7:eb:f9:90:3b:fa:2b:61:be:7b:a1:
30:e4:67:b5:c7:b3:26:9d:fd:46:46:0a:48:b5:43:
e8:86:98:0e:4b:ac:5f:32:e2:5b:33:34:57:18:5d:
b6:e9:a7:b1:3a:ce:f3:bc:38:31:72:0c:c1:91:24:
8a:0a:a3:3c:40:cc:55:45:ef:9d:6d:6b:db:7e:c5:
59:63:17:98:69:7e:46:7e:08:74:59:26:88:b9:1a:
d6:24:3e:0a:2b:e9:dd:b2:3a:59:c0:ab:59:91:c6:
5c:59:b6:fe:8a:7d:d8:af:32:e7:ab:ad:44:b6:eb:
e0:50:a4:ab:6c:0c:44:62:4e:20:b4:76:09:4c:64:
c4:70:aa:91:63:b3:4b:34:67:74:ba:dd:85:b7:4c:
24:1e:a3:68:2c:c9:ba:c2:3a:f4:d9:72:58:ad:2f:
4e:81:3d:2c:9c:f8:e0:ab:d8:32:1b:3f:bf:69:c9:
01:4e:05:6a:8e:7e:2b:93:45:d0:2e:3e:95:c8:6e:
70:22:b3:36:aa:77:11:e6:cd:34:56:4e:0e:9f:b0:
87:c8:e4:3a:62:f7:db:88:5e:f8:17:5d:69:c0:8d:
8e:ef:f2:89:b9:24:25:72:c4:da:46:8f:3e:7c:6f:
60:66:f5:7a:48:71:07:bf:17:7c:af:83:65:35:dc:
a7:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
AC:FA:7E:33:43:2A:AB:BC:A3:72:B6:67:84:50:49:6D:DB:B1:31:8B
X509v3 Authority Key Identifier:
BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
Authority Information Access:
OCSP - URI:http://r10.o.lencr.org
CA Issuers - URI:http://r10.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.quennec.fr, DNS:quennec.fr
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://r10.c.lencr.org/28.crl
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Mar 24 08:02:42.415 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:EA:28:0B:64:B1:10:BB:B1:84:B2:BB:
87:EF:1B:79:EB:70:AD:5F:59:2D:7A:60:FA:41:EE:1B:
59:DB:9B:C3:EC:02:20:2B:14:53:76:D5:82:9C:00:0C:
57:C4:9D:0A:B9:69:AF:31:72:E0:96:B8:93:E2:D7:AE:
63:0D:29:98:9D:25:35
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
Timestamp : Mar 24 08:02:44.496 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:34:F2:55:44:63:E9:83:B8:0B:80:3A:2F:
23:CB:40:D2:13:CB:65:1D:66:06:36:A6:D5:8A:24:72:
62:29:F0:08:02:21:00:81:46:1B:93:9B:A8:86:DC:1D:
F7:BD:CC:A9:B3:89:2A:89:91:FF:E0:B3:B7:EA:4C:E3:
CD:4F:75:C2:58:57:1D
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
0d:e4:74:86:17:9b:cc:4e:c8:ff:a4:e2:79:4a:1a:f1:c8:a2:
6b:e4:b8:7b:9e:35:4e:04:52:91:2a:23:51:d7:a9:73:c7:7c:
84:1e:79:5c:0e:4f:4b:22:d0:84:76:8f:6a:5b:fb:f9:10:d7:
94:7e:d9:2b:b3:02:cc:e7:ac:1b:30:11:59:66:33:3f:fa:77:
be:c4:ea:df:98:c5:38:87:7a:f9:65:f0:80:0a:2b:85:72:e3:
5b:69:fd:fb:37:84:73:9c:3c:8b:7d:f3:df:b9:62:de:b0:e0:
b9:c0:83:8c:fe:e8:6b:dd:9b:30:d5:74:84:fe:21:e2:1d:31:
41:56:01:15:33:67:39:4a:7e:ff:fe:87:45:7c:d6:30:ae:df:
f3:f4:f2:13:a5:80:2b:0e:b2:35:a3:a4:da:11:73:6f:6f:ea:
ac:74:ee:6e:c2:b4:ae:82:cc:53:33:e6:50:cf:c6:80:d1:f4:
4c:81:df:b6:eb:ca:63:93:09:d7:d9:df:3a:b4:66:23:e2:4e:
b1:c0:86:3b:c9:bf:cd:94:41:db:b9:4b:5f:d7:4c:1d:b2:20:
8b:c0:c1:ca:0c:d7:26:d2:92:ab:b1:34:45:92:00:e1:e8:4f:
40:0d:58:00:2b:d0:01:0b:1c:fb:b5:4f:92:94:4f:1c:2b:3a:
ec:e9:b6:cf