Web Server Management: Securing Access to Web Servers

Chapter 3. Creating keys and certificates
The x509 sub-command will let us see what is inside the certificate.
Note how validity dates are included in the certificate. These are an important security measure, since they limit the amount of time a stolen certificate will remain a threat. Unfortunately, they also provide a tool that allows CAs to extract money from clients on a regular basis.
```
$ openssl x509 -in WWW.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:1f:68:82:22:df:92:cf:b8:f0:e1:2c:23:19:b6:8d
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=FOR TESTING PURPOSES ONLY, O=Thawte Certification, OU=TEST TEST TEST, CN=Thawte Test CA Roo
        Validity
            Not Before: Mar 15 13:50:40 2007 GMT
            Not After : Apr  5 13:50:40 2007 GMT
        Subject: C=GB, ST=England, L=Cambridge, O=University of Cambridge, OU=Computing Service, CN=clt1.csi.cam.ac.uk
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a8:0a:7f:25:9c:1d:b0:e9:0c:c8:24:6d:d6:fd:
                    00:01:9d:73:d1:c2:38:73:ec:16:de:78:19:d1:69:
                    c1:1c:98:65:e1:87:aa:db:1f:47:97:9f:65:21:4b:
                    02:a3:cb:ea:76:6b:ad:b7:2e:b8:c9:5e:a0:d9:14:
                    cb:7d:32:88:6b:ed:7e:05:3e:f3:bb:ee:23:83:a1:
                    bb:e7:4d:bc:04:44:bb:36:b6:79:34:31:25:ec:84:
                    49:1f:29:0b:00:d8:1e:c2:6a:e5:5a:f2:87:e1:40:
                    e3:7f:1f:8c:5f:5e:ca:78:a1:60:71:77:99:82:a1:
                    b1:6b:09:27:56:7b:fb:24:f5:80:f2:89:fa:c1:a6:
                    27:a6:b2:f1:e2:06:7b:e5:34:db:f9:cd:8b:01:be:
                    ed:f1:70:02:ac:04:36:b0:bf:8d:e0:0e:9f:5a:a3:
                    ac:bf:b6:56:d0:8c:0d:17:78:2d:1d:bc:89:68:67:
                    32:82:b8:26:77:a0:49:56:f1:ca:71:eb:2b:a4:7f:
                    8e:d3:b8:1d:62:d4:f1:cb:40:c6:94:eb:21:e4:3a:
                    fe:7b:2c:7a:27:d8:ae:db:f5:d4:c4:b7:9b:a0:61:
                    56:aa:5a:fa:80:cb:0c:9a:66:41:ce:73:3f:c3:0e:
                    90:98:71:4f:49:2b:21:c2:28:5c:be:b2:25:40:0f:
                    bc:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                URI:http://crl.thawte.com/ThawtePremiumServerCA.crl
            Authority Information Access:
                OCSP - URI:http://ocsp.thawte.com
    Signature Algorithm: sha1WithRSAEncryption
        aa:58:81:f6:c3:ad:4e:b6:40:dc:e4:8c:c8:4d:93:a0:02:e3:
        d7:2c:64:47:7c:91:35:d3:db:b5:0a:44:3c:32:67:bd:6f:a0:
        c5:c4:fb:89:96:de:fc:4b:5c:f3:a5:18:49:78:e4:e4:0c:23:
        94:7c:98:b8:93:2e:ab:53:f2:17:30:b6:08:95:94:22:3e:85:
        de:1f:4a:1e:9b:8b:1f:50:1c:0b:08:08:a5:45:ca:84:59:92:
        65:29:2b:79:b4:32:ca:67:21:01:72:9e:22:53:b7:a3:89:64:
        21:c9:bc:5d:32:52:5d:85:16:97:87:fe:ae:97:55:ab:c1:60:
        ab:e3
```
Arguments used
-in
the name of the file containing the certificate
-noout
do not output the encoded certificate itself
-text
display the contents of the certificate file as text
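
The validity check described above, as an added example that is not part of the original page: it parses the Validity block of `openssl x509 -text` output and reports whether the certificate is not yet valid, expired, or close to expiry. The function names and the 14-day warning threshold are assumptions made for this illustration.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample: the Validity block copied from the listing above.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Mar 15 13:50:40 2007 GMT
            Not After : Apr  5 13:50:40 2007 GMT
"""

_DATE_RE = re.compile(r"^\s*Not (Before|After)\s*:\s*(.+?)\s+GMT\s*$", re.M)


def parse_validity(text):
    """Return (not_before, not_after) as UTC datetimes from `-text` output."""
    found = {}
    for which, stamp in _DATE_RE.findall(text):
        # openssl pads single-digit days with a space; collapse it first.
        stamp = " ".join(stamp.split())
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        found[which] = parsed.replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("Validity block missing or incomplete")
    return found["Before"], found["After"]


def validity_report(text, now=None, warn_days=14):
    """Classify a certificate by where `now` falls in its validity window."""
    not_before, not_after = parse_validity(text)
    now = now or datetime.now(timezone.utc)
    if now < not_before:
        status = "not-yet-valid"
    elif now > not_after:  # the Not After instant itself is still valid
        status = "expired"
    elif (not_after - now).days < warn_days:  # hypothetical threshold
        status = "expiring"
    else:
        status = "ok"
    return {"status": status,
            "lifetime_days": (not_after - not_before).days,
            "days_left": (not_after - now).days}


if __name__ == "__main__":
    # Read real output from a pipe, or fall back to the constructed sample.
    text = SAMPLE_TEXT if sys.stdin.isatty() else sys.stdin.read()
    print(validity_report(text))
```

To check a real file, pipe the output of `openssl x509 -in WWW.crt -noout -text` into the script.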