3.7. Viewing the certificate

The x509 sub-command will let us see what is inside the certificate.

Note how validity dates are included in the certificate. These are an important security measure, since they limit the amount of time a stolen certificate will remain a threat. Unfortunately, they also give CAs a tool for extracting money from clients on a regular basis.


$ openssl x509 -in WWW.crt -noout -text 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:1f:68:82:22:df:92:cf:b8:f0:e1:2c:23:19:b6:8d
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=FOR TESTING PURPOSES ONLY, O=Thawte Certification, 
                OU=TEST TEST TEST, CN=Thawte Test CA Roo
        Validity
            Not Before: Mar 15 13:50:40 2007 GMT
            Not After : Apr  5 13:50:40 2007 GMT
        Subject: C=GB, ST=England, L=Cambridge, O=University of Cambridge, 
                 OU=Computing Service, CN=clt1.csi.cam.ac.uk
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a8:0a:7f:25:9c:1d:b0:e9:0c:c8:24:6d:d6:fd:
                    00:01:9d:73:d1:c2:38:73:ec:16:de:78:19:d1:69:
                    c1:1c:98:65:e1:87:aa:db:1f:47:97:9f:65:21:4b:
                    02:a3:cb:ea:76:6b:ad:b7:2e:b8:c9:5e:a0:d9:14:
                    cb:7d:32:88:6b:ed:7e:05:3e:f3:bb:ee:23:83:a1:
                    bb:e7:4d:bc:04:44:bb:36:b6:79:34:31:25:ec:84:
                    49:1f:29:0b:00:d8:1e:c2:6a:e5:5a:f2:87:e1:40:
                    e3:7f:1f:8c:5f:5e:ca:78:a1:60:71:77:99:82:a1:
                    b1:6b:09:27:56:7b:fb:24:f5:80:f2:89:fa:c1:a6:
                    27:a6:b2:f1:e2:06:7b:e5:34:db:f9:cd:8b:01:be:
                    ed:f1:70:02:ac:04:36:b0:bf:8d:e0:0e:9f:5a:a3:
                    ac:bf:b6:56:d0:8c:0d:17:78:2d:1d:bc:89:68:67:
                    32:82:b8:26:77:a0:49:56:f1:ca:71:eb:2b:a4:7f:
                    8e:d3:b8:1d:62:d4:f1:cb:40:c6:94:eb:21:e4:3a:
                    fe:7b:2c:7a:27:d8:ae:db:f5:d4:c4:b7:9b:a0:61:
                    56:aa:5a:fa:80:cb:0c:9a:66:41:ce:73:3f:c3:0e:
                    90:98:71:4f:49:2b:21:c2:28:5c:be:b2:25:40:0f:
                    bc:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                URI:http://crl.thawte.com/ThawtePremiumServerCA.crl

            Authority Information Access: 
                OCSP - URI:http://ocsp.thawte.com

    Signature Algorithm: sha1WithRSAEncryption
        aa:58:81:f6:c3:ad:4e:b6:40:dc:e4:8c:c8:4d:93:a0:02:e3:
        d7:2c:64:47:7c:91:35:d3:db:b5:0a:44:3c:32:67:bd:6f:a0:
        c5:c4:fb:89:96:de:fc:4b:5c:f3:a5:18:49:78:e4:e4:0c:23:
        94:7c:98:b8:93:2e:ab:53:f2:17:30:b6:08:95:94:22:3e:85:
        de:1f:4a:1e:9b:8b:1f:50:1c:0b:08:08:a5:45:ca:84:59:92:
        65:29:2b:79:b4:32:ca:67:21:01:72:9e:22:53:b7:a3:89:64:
        21:c9:bc:5d:32:52:5d:85:16:97:87:fe:ae:97:55:ab:c1:60:
        ab:e3

Arguments used

-in

the name of the file containing the certificate

-noout

do not output the encoded certificate itself

-text

display the contents of the certificate file as text
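
The validity dates in the output above can also be checked programmatically. The following is an added Python example, not part of the original tutorial, that parses the Not Before / Not After lines of `openssl x509 -text` output; the function names and the 7-day warning threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Validity block copied from the `openssl x509 -text` output shown above.
SAMPLE_TEXT = """\
        Validity
            Not Before: Mar 15 13:50:40 2007 GMT
            Not After : Apr  5 13:50:40 2007 GMT
"""

_DATE_RE = re.compile(r"^\s*Not (Before|After)\s*:\s*(.+?)\s*$", re.MULTILINE)


def parse_validity(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    found = {}
    for which, value in _DATE_RE.findall(text):
        # The day is space-padded ("Apr  5"); collapse runs of spaces first.
        cleaned = " ".join(value.split())
        stamp = datetime.strptime(cleaned, "%b %d %H:%M:%S %Y GMT")
        found[which] = stamp.replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("no complete Validity block in input")
    if found["After"] <= found["Before"]:
        raise ValueError("Not After does not follow Not Before")
    return found["Before"], found["After"]


def lifetime(text):
    """Length of the validity window."""
    not_before, not_after = parse_validity(text)
    return not_after - not_before


def validity_status(text, now, warn=timedelta(days=7)):
    """Classify the certificate at time `now` (must be timezone-aware)."""
    not_before, not_after = parse_validity(text)
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if not_after - now <= warn:  # assumed warning threshold
        return "expiring-soon"
    return "valid"


if __name__ == "__main__":
    print("lifetime:", lifetime(SAMPLE_TEXT))
    print("status now:", validity_status(SAMPLE_TEXT, datetime.now(timezone.utc)))
```

To check a real file, pass in the output of the `openssl x509 -in WWW.crt -noout -text` command shown above in place of `SAMPLE_TEXT`.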