1. Openssl Show Pem Certificate Details
  2. Openssl Read Pem Certificate
  3. Openssl Dump Pem File
  4. Openssl View Pem Certificate Details
  5. Openssl Generate Pem Certificate And Key

Last updated: 14/06/2018

Openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate-file.crt SHA-1 openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate-file.crt MD5 openssl x509 -noout -fingerprint -md5 -inform pem -in certificate-file.crt The example below displays the value of the same certificate using each algorithm. One way to verify if 'keytool' did export my certificate using DER and PEM formats correctly or not is to use 'OpenSSL' to view those certificate files. To do this, I used the 'openssl x509' command to view keytoolcrt.der and keytoolcrt.pem. One way to verify if 'keytool' did export my certificate using DER and PEM formats correctly or not is to use 'OpenSSL' to view those certificate files. To do this, I used the 'openssl x509' command to view keytoolcrt.der and keytoolcrt.pem. You can display the contents of a PEM formatted certificate under Linux, using openssl: $ openssl x509 -in acs.cdroutertest.com.pem -text The output of the above command should look something like this. A PEM encoded certificate is a block of encoded text that contains all of the certificate information and public key. Another simple way to view the information in a certificate on a Windows machine is to just double-click the certificate file.

How to use OpenSSL?

OpenSSL is the true Swiss Army knife of certificate management, and just like with the real McCoy, you spend more time extracting the nail file when what you really want is the inflatable hacksaw. You'll find an overview of the most commonly used commands below.

Certificate requests and key generation

Typically, when you ordered a new SSL certificate you must generate a CSR or certificate signing request, with a new private key:

Alternatively, use the Kinamo CSR Generator for easy CSR creation.

Generate a new certificate request using an existing private key:

Generate a certificate request starting from an existing certificate:

Generate a new RSA private key:

Encrypt a private key with a passphrase:

Remove a passphrase from an encrypted private key:

Generate a new ECC private key:

Create a self-signed certificate

Generate a self-signed certificate for testing purposes with one year validity period, together with a new 2048-bit key:

View and verify certificates

Check and display a certificate request (CSR):

Verify and display a key pair:

Openssl View Pem Certificate

View a PEM-encoded certificate:

Openssl Show Pem Certificate Details

View a certificate encoded in PKCS#7 format:

View a certificate and key pair encoded in PKCS#12 format:

Verify an SSL connection and display all certificates in the chain:

The Kinamo SSL Tester will give you the same results, in a human-readable format.

Control whether a certificate, a certificate request and a private key have the same public key:

Openssl example github. Check a certificate and its intermediate certificate chain for web server purposes:

Certificate conversion

Openssl Read Pem Certificate

Conversion of PKCS#12 ( .pfx .p12, typically used on Microsoft Windows) files with private key and certificate to PEM (typically used on Linux):

Conversion of PEM to PKCS#12:

Openssl Dump Pem File

Conversion of PKCS#7 format ( .p7b .p7c ) to PEM:

Conversion of PEM format to PKCS#7:

Openssl View Pem Certificate Details

Conversion of DER (.crt .cer or .der) to PEM:

Conversion from PEM to DER format:

Checking SSL Connections

Openssl Generate Pem Certificate And Key

This will output the website's certificate, including any intermediate certificates