About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Technical Blog Post
Abstract
Security: Extract the information from the certificate using OpenSSL
Body
Author: Manisha Khond
| There are certain situations where you want to decode the certificate to verify that it contains the correct information. The easiest way to view the certificate content on Windows host, is to open the certificate and view it’s contents field by field. There are tools available to parse the certificate contents. OpenSSL is free tool and it can decode the contents of the certificate as well.
|
| This is the certificate that we want to decode (Part of the certificate displayed below is erased due to security concerns).
|
 |
|
In next section, we will go through OpenSSL commands to decode the contents of the Certificate.
Get the full details on the certificate:
openssl x509 -text -in ibmcert.crt |
|
Certificate: Data: Version: 3 (0x2) Serial Number: 07:da:4b:af:e9:57:39:9f:31:2b:6f:c3:d4:87:c8:74 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018 Validity Not Before: Feb 19 00:00:00 2018 GMT Not After : Mar 21 12:00:00 2019 GMT Subject: C=US, ST=New York, L=Armonk, O=IBM, CN=www.ibm.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c8:aa:36:b7:66:12:31:c8:b6:5e:cb:c0:4b:6c: 22:f6:a4:1b:b9:d9:52:e6:21:00:ee:f9:91:b1:ce: 7b:d0:fb:8d:58:66:b1:a3:88:47:93:b2:38:14:ad: 03:44:d5:1c:24:bd:86:87:5e:67:9a:69:be:b8:a0: c0:fc:b7:bf:f6:17:fb:3a:53:8a:10:60:f9:99:26: 7b:36:63:93:db:0e:fb:e8:20:40:b6:b0:cb:4d:ec: 73:7c:c9:eb:f0:f8:e8:a3:04:76:e3:81:fc:d0:96: 4b:66:10:6b:84:dd:67:b2:00:da:97:41:6a:dd:64: 14:29:5a:4d:9c:28:b5:b3:9d:20:26:30:c1:2e:ef: 64:9c:be:b9:28:70:65:90:af:b4:fe:f1:3f:74:8b: c8:b2:0b:15:87:00:41:5e:61:40:91:9a:d8:33:81: 85:c5:2b:85:56:8c:90:0d:46:e3:ca:6b:7d:83:49: 95:03:5d:61:1a:18:dd:fb:f2:2a:35:a3:02:ff:69: d1:06:12:4b:54:5e:a1:c9:cc:91:c9:da:a9:50:66: f2:b9:e0:6a:ba:b9:d9:05:9b:0a:37:25:ad:56:72: 58:8d:cc:f4:35:66:23:57:a3:83:64:77:02:d1:e3: 44:ec:c6:38:84:9e:49:8d:e6:21:3c:ae:55:fc:c1: 36:43 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:90:58:FF:B0:9C:75:A8:51:54:77:B1:ED:F2:A3:43:16:38:9E:6C:C5
X509v3 Subject Key Identifier: 81:1B:D2:F2:2B:73:FC:86:76:ED:19:DA:FE:5B:03:51:52:A9:CB:8F X509v3 Subject Alternative Name: xxx X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: URI:http://cdp.geotrust.com/GeoTrustRSACA2018.crl
X509v3 Certificate Policies: Policy: 2.16.840.1.114412.1.1 CPS: https://www.digicert.com/CPS Policy: 2.23.140.1.2.2
Authority Information Access: OCSP - URI:http://status.geotrust.com CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustRSACA2018.crt
X509v3 Basic Constraints: CA:FALSE 1.3.6.1.4.1.11129.2.4.2: ......w.......X......gp !g.../O...6...".p.s0.u..u..Y|..C._..n.V.GV6.J.`....^......a...J.....F0D. /a...v. .. zG#....^....^...D8=.'.....3..... Signature Algorithm: sha256WithRSAEncryption 36:79:07:98:7f:57:71:96:98:47:0c:88:f9:41:a1:52:56:a4: 01:d3:dc:eb:a9:47:03:53:3a:2f:d5:ef:41:66:bf:6c:8b:74: 8a:a7:a8:3f:9c:c6:9b:33:7a:77:09:c8:69:70:14:9b:13:e8: 77:15:cb:98:d4:00:11:7c:82:26:47:a7:03:98:9b:cb:d5:65: 9f:89:cd:c8:d2:36:80:76:b1:d2:52:da:3a:39:2a:0a:10:0f: e1:27:d3:c2:6a:c1:7b:93:70:af:88:8c:41:85:31:5b:e0:4a: f2:6b:74:07:5c:5a:dc:09:4b:f9:dd:23:0c:59:0c:63:cf:a5: 98:1e:1b:2f:1c:05:08:a3:c0:44:28:e4:a2:f5:55:bf:1c:4a: 86:a7:0f:69:8d:58:67:de:b9:1e:2a:d0:13:f7:0e:ee:6e:48: 12:89:46:21:64:fa:db:50:c9:f7:7f:e8:36:11:ec:9f:25:1a: 9c:7f:49:07:c6:03:1e:49:71:d7:f2:19:23:9a:dc:a3:bc:0f: 3e:8e:fc:52:d0:f7:b3:8d:a0:b6:ac:e8:ee:d7:37:32:fd:5b: 42:e6:45:2c:10:83:3b:60:59:06:17:1e:1a:c6:1f:9e:7e:c1: d6:83:16:6d:c2:30:8f:5e:c6:1f:13:a5:83:de:5d:96:ca:80: b2:df:8c:dd -----BEGIN CERTIFICATE----- MIII0TCCB7mgAwIBAgIQB9pLr+lXOZ8xK2/D1IfIdDANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe Fw0xODAyMTkwMDAwMDBaFw0xOTAzMjExMjAwMDBaMFUxCzAJBgNVBAYTAlVTMREw DwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMQwwCgYDVQQKEwNJQk0x FDASBgNVBAMTC3d3dy5pYm0uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAyKo2t2YSMci2XsvAS2wi9qQbudlS5iEA7vmRsc570PuNWGaxo4hHk7I4 FK0DRNUcJL2Gh15nmmm+uKDA/Le/9hf7OlOKEGD5mSZ7NmOT2w776CBAtrDLTexz fMnr8PjoowR244H80JZLZhBrhN1nsgDal0Fq3WQUKVpNnCi1s50gJjDBLu9knL65 KHBlkK+0/vE/dIvIsgsVhwBBXmFAkZrYM4GFxSuFVoyQDUbjymt9g0mVA11hGhjd +/IqNaMC/2nRBhJLVF6hycyRydqpUGbyueBqurnZBZsKNyWtVnJYjcz0NWYjV6OD ZHcC0eNE7MY4hJ5JjeYhPK5V/ME2QwIDAQABo4IFkjCCBY4wHwYDVR0jBBgwFoAU kFj/sJx1qFFUd7Ht8qNDFjiebMUwHQYDVR0OBBYEFIEb0vIrc/yGdu0Z2v5bA1FS qcuPMIIDAwYDVR0RBIIC+jCCAvaCC3d3dy5pYm0uY29tggdpYm0uY29tghJjbGll bnQtcHJlLmlibS5jb22CDW15aWJtLmlibS5jb22CEXVzbXIuY21zLnM4MWMuY29t gg53d3ctMDUuaWJtLmNvbYIPdXMuY21zLnM4MWMuY29tghN3d3d0ZXN0LWFwaS5p Ym0uY29tghN0aGluay1zdGFnZS5pYm0uY29tgg93d3ctMTEyLmlibS5jb22CD2Fw LmNtcy5zODFjLmNvbYILbXAuczgxYy5jb22CFXd3dy5kZXZlbG9wZXIuaWJtLmNv bYIQd3d3c3RhZ2UuaWJtLmNvbYITMS5jbXNzdGFnZS5zODFjLmNvbYIUd3d3c3Rh Z2UtYXBpLmlibS5jb22CEGFwaS53d3cuczgxYy5jb22CD3d3dy0zNTYuaWJtLmNv bYIPd3d3LWFwaS5pYm0uY29tgg53d3ctMDYuaWJtLmNvbYIOY2xpZW50LmlibS5j b22CCW0uaWJtLmNvbYIPZXUuY21zLnM4MWMuY29tghR3d3ctOTY5c3RhZ2UuaWJt LmNvbYIRZGV2ZWxvcGVyLmlibS5jb22CEjEuY21zdGVzdC5zODFjLmNvbYIPd3d3 LTkzNS5pYm0uY29tgg93d3d0ZXN0LmlibS5jb22CEzEuZGFtc3RhZ2UuczgxYy5j b22CDnd3dy0wMS5pYm0uY29tggthcGkuaWJtLm5ldIINdGhpbmsuaWJtLmNvbYIO MS5kYW0uczgxYy5jb22CDnd3dy0wNy5pYm0uY29tgg4xLmNtcy5zODFjLmNvbYIO d3d3LTAzLmlibS5jb22CEzEud3d3c3RhZ2UuczgxYy5jb22CDjEud3d3LnM4MWMu Y29tggt3d3cubmljLmlibYIRMS5jbXNwb2MuczgxYy5jb22CEmNsaWVudC1jZHQu aWJtLmNvbYIOd3d3cG9jLmlibS5jb22CD3d3dy05NjkuaWJtLmNvbYIQd3d3LTIw MDAuaWJtLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jZHAuZ2VvdHJ1c3Qu Y29tL0dlb1RydXN0UlNBQ0EyMDE4LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwB ATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgG BmeBDAECAjB1BggrBgEFBQcBAQRpMGcwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0 dXMuZ2VvdHJ1c3QuY29tMD0GCCsGAQUFBzAChjFodHRwOi8vY2FjZXJ0cy5nZW90 cnVzdC5jb20vR2VvVHJ1c3RSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggEEBgor BgEEAdZ5AgQCBIH1BIHyAPAAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80O yA3cEAAAAWGwB/7vAAAEAwBIMEYCIQDOazkJq+N0anorzX70OWKcgcunHlKnNxeG BzsSUYl4WAIhAPMUqVkgaJSWCDdNDSFn/u6cL0+ejto2F/XsIs9wmHMwAHUAh3W/ 51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFhsAf/SgAABAMARjBEAiAv YckuyHana2MPXT6SWWcGV1aW4uKsEMQYaUczWCkNGQIgekcjpvWzF16Kis+CXpfQ nEQ4Pa8n+cO4nNEz4MgRjwswDQYJKoZIhvcNAQELBQADggEBADZ5B5h/V3GWmEcM iPlBoVJWpAHT3OupRwNTOi/V70Fmv2yLdIqnqD+cxpszencJyGlwFJsT6HcVy5jU ABF8giZHpwOYm8vVZZ+JzcjSNoB2sdJS2jo5KgoQD+En08JqwXuTcK+IjEGFMVvg SvJrdAdcWtwJS/ndIwxZDGPPpZgeGy8cBQijwEQo5KL1Vb8cSoanD2mNWGfeuR4q 0BP3Du5uSBKJRiFk+ttQyfd/6DYR7J8lGpx/SQfGAx5JcdfyGSOa3KO8Dz6O/FLQ 97ONoLas6O7XNzL9W0LmRSwQgztgWQYXHhrGH55+wdaDFm3CMI9exh8TpYPeXZbK gLLfjN0= -----END CERTIFICATE-----
|
| Note: The Subject Alternative Name has the list of all DNS entries. This field is masked due to Security concerns.
Get the certificate issuer:
openssl x509 -noout -in ibmcert.crt -issuer
issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018
Get the certificate Subject:
openssl x509 -noout -in ibmcert.crt -subject
subject= /C=US/ST=New York/L=Armonk/O=IBM/CN=www.ibm.com
Get the valid certificate dates:
openssl x509 -noout -in ibmcert.crt -dates
notBefore=Feb 19 00:00:00 2018 GMT notAfter=Mar 21 12:00:00 2019 GMT |
| Get the issuer, subject and valid dates:
openssl x509 -noout -in ibmcert.crt -issuer -subject -dates
issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018 subject= /C=US/ST=New York/L=Armonk/O=IBM/CN=www.ibm.com notBefore=Feb 19 00:00:00 2018 GMT notAfter=Mar 21 12:00:00 2019 GMT |
|
Get the certificate Thumbprint:
openssl x509 -noout -in ibmcert.crt -fingerprint
SHA1 Fingerprint=A2:B5:46:36:3D:1C:21:07:5E:3F:E3:07:50:B9:83:18:1E:6B:D7:4F |
|
Do you have further questions or concerns? Please comment using "Add a comment" section of the blog. |
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
UID
ibm11120515