Examine SSL certificate on the command line

Date June 22, 2009

This is more for my documentation than anyone else's, but you might find it useful.

To examine an SSL certificate (for use on a secured web server) from the command line, use this command:

openssl x509 -in filename.crt -noout -text

  • Greg

    Another useful trick -- use these to confirm you have the right key and cert file pair:

    openssl x509 -noout -text -in certfile -modulus | md5

    openssl rsa -noout -text -in keyfile -modulus | md5

    If the md5's match, you're good to go.

  • augmentedfourth

    Interesting... thanks! I always just check by loading the site in Firefox, but that's way more efficient.

  • Ryan Kovar

    Also useful for maintenance to throw a Nagios check against it... I think check_http -C %how long of a warning you want before the cert expires%

  • Matt

    @Greg

    Wow, nice! That's a great trick. Thanks for the comment!

  • Ronald

    Tip on Greg's statement:

    In order to get a good modulus on checking the .crt and the .key files, leave off the "-text" option.
    Additionally, openssl can be used to md5 the modulus too:

    openssl x509 -noout -in server.crt -modulus | openssl md5
    dece7ece4a04a3ca449be98af17c5759
    openssl rsa -noout -in server.key -modulus | openssl md5
    dece7ece4a04a3ca449be98af17c5759

    Thanks,
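
Added example (not part of the original post or its comments): a small POSIX shell script that applies the cert/key matching idea from the comments above, comparing SHA-256 digests of the whole public key instead of an MD5 of the RSA modulus so that non-RSA keys are covered too, plus an expiry check with `openssl x509 -checkend`. The function names and the 30-day threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-deployment checks for a certificate/private-key pair.
# Compares whole public keys, so it covers RSA and EC keys alike.

# Print the SHA-256 digest of the public key held in a cert or private key.
# $1 = "cert" or "key", $2 = PEM file. Returns 2 if the file cannot be parsed.
pubkey_digest() {
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2 ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 2
    # Normalise to DER so PEM formatting differences cannot affect the digest.
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 if the certificate ($1) and key ($2) hold the same public key,
# 1 if they differ, 2 if either file is missing or malformed.
# An encrypted key will prompt for its passphrase.
cert_matches_key() {
    c=$(pubkey_digest cert "$1") || return 2
    k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

# Return 0 if the certificate ($1) expires within $2 days or has expired.
# An unreadable file also returns 0, so the check fails towards a warning.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage when run directly: sh check-pair.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "OK: certificate and key match"
    else
        echo "FAIL: mismatch or unreadable file" >&2
        exit 1
    fi
    if cert_expires_within "$1" 30; then
        echo "WARN: certificate expires within 30 days" >&2
    fi
fi
```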