Examine SSL certificate on the command line

June 22, 2009

This is more for my documentation than anyone elses, but you might find it useful.

To examine an SSL certificate (for use on a secured web server) from the commandline, use this command:

openssl x509 -in filename.crt -noout -text

« Previous Entry

More Cable Management

Windows Desktop Automated Installations

Send this post to...

Add to Bloglines

Add to Del.icio.us

Add to Facebook

Add to Google Bookmarks

Add to LinkedIn

Add to Slashdot

Add to Stumble Upon

Add to Technorati

Add to Yahoo My Web

Category Posted in General

6 Responses to “Examine SSL certificate on the command line”

Greg said:

June 22nd, 2009 at 7:55 pm

Another useful trick -- use these to confirm you have the right key and cert file pair:

openssl x509 -noout -text -in certfile -modulus | md5

openssl rsa -noout -text -in keyfile -modulus | md5

If the md5's match, you're good to go.
augmentedfourth said:

June 22nd, 2009 at 8:29 pm

Interesting... thanks! I always just check by loading the site in Firefox, but that's way more efficient.
Ryan Kovar said:

June 22nd, 2009 at 10:25 pm

Also useful for maintenance to throw a nagois check against it... I think check_http -C %how long of a warning you want before the cert expires%
Matt said:

June 23rd, 2009 at 12:56 pm

@Greg

Wow, nice! That's a great trick. Thanks for the comment!
Good Moncler Coats said:

November 28th, 2011 at 12:55 am

Woah this blog is excellent i like studying your articles. Stay up the good work! You know, lots of persons are searching round for this info, you can aid them greatly.
Ronald said:

December 2nd, 2011 at 1:23 pm

Tip on Greg's statement:

In order to get a good modulus on checking the .crt and the .key files, leave off the "-text" option.
Additionally, openssl can be used to md5 the modulus too:

openssl x509 -noout -in server.crt -modulus | openssl md5
dece7ece4a04a3ca449be98af17c5759
openssl rsa -noout -in server.key -modulus | openssl md5
dece7ece4a04a3ca449be98af17c5759

Thanks,

Leave a Reply

Archives

▼2013 (37)
- ▼May (3)
- ►April (10)
- ►March (10)
- ►February (8)
- ►January (6)
►2012 (85)
- ►December (8)
- ►November (4)
- ►October (8)
- ►September (8)
- ►August (10)
- ►July (3)
- ►June (8)
- ►May (6)
- ►April (8)
- ►March (9)
- ►February (2)
- ►January (11)
►2011 (109)
- ►December (6)
- ►November (6)
- ►October (13)
- ►September (9)
- ►August (12)
- ►July (13)
- ►June (10)
- ►May (9)
- ►April (6)
- ►March (5)
- ►February (8)
- ►January (12)
►2010 (137)
- ►December (6)
- ►November (13)
- ►October (7)
- ►September (10)
- ►August (10)
- ►July (8)
- ►June (15)
- ►May (14)
- ►April (11)
- ►March (21)
- ►February (11)
- ►January (11)
►2009 (218)
- ►December (16)
- ►November (14)
- ►October (15)
- ►September (16)
- ►August (14)
- ►July (27)
- ►June (19)
- ►May (16)
- ►April (18)
- ►March (14)
- ►February (25)
- ►January (24)
►2008 (184)
- ►December (26)
- ►November (29)
- ►October (23)
- ►September (20)
- ►August (33)
- ►July (21)
- ►June (19)
- ►May (13)

About the Author

Hi! I'm Matt Simmons, author of the Standalone Sysadmin blog. I've been a small infrastructure administrator since aound 2001, nearly always on my own, hence the "Standalone Sysadmin" title. This year, I started working at Northeastern University's College of Computer and Information Science, so I'm getting a taste of a larger environment,but it's still small in the grand scheme of things, but I'll be passing along this new experience as I go through it! I started this blog in May of 2008 and have thoroughly enjoyed every interaction I've had because of it. Thank you for visiting!
Email me