Examine SSL certificate on the command line

Date June 22, 2009

This is more for my documentation than anyone else's, but you might find it useful.

To examine an SSL certificate (for use on a secured web server) from the command line, use this command:

openssl x509 -in filename.crt -noout -text

6 Responses to “Examine SSL certificate on the command line”

  1. Greg said:

    Another useful trick -- use these to confirm you have the right key and cert file pair:

    openssl x509 -noout -text -in certfile -modulus | md5

    openssl rsa -noout -text -in keyfile -modulus | md5

    If the md5's match, you're good to go.

  2. augmentedfourth said:

    Interesting... thanks! I always just check by loading the site in Firefox, but that's way more efficient.

  3. Ryan Kovar said:

    Also useful for maintenance to throw a Nagios check against it... I think check_http -C %how long of a warning you want before the cert expires%

  4. Matt said:


    Wow, nice! That's a great trick. Thanks for the comment!

  5. Good Moncler Coats said:

    Woah this blog is excellent I like studying your articles. Stay up the good work! You know, lots of persons are searching round for this info, you can aid them greatly.

  6. Ronald said:

    Tip on Greg's statement:

    In order to get a good modulus on checking the .crt and the .key files, leave off the "-text" option.
    Additionally, openssl can be used to md5 the modulus too:

    openssl x509 -noout -in server.crt -modulus | openssl md5
    openssl rsa -noout -in server.key -modulus | openssl md5
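
Added example (not part of the original post or its comments): a shell script that combines the two checks discussed in this thread, the key/certificate pair check and an expiry warning. It goes beyond the commands above by comparing the whole public key instead of an MD5 of the RSA modulus, so it also works for non-RSA keys; the function names and the throwaway `example.test` pair are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post or its comments.

# cert_key_match CERT KEY -> 0 match, 1 mismatch, 2 unreadable file.
# Compares the whole public key, so EC and Ed25519 keys (which have no RSA
# modulus) work too. Assumes KEY is not passphrase-protected.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS -> 0 if CERT is still valid DAYS days from now,
# non-zero if it expires sooner or cannot be parsed.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# make_demo_pair DIR NAME: constructed sample input, a throwaway self-signed
# pair valid for 10 days, written to DIR/NAME.crt and DIR/NAME.key.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# check_pair CERT KEY [DAYS]: print a verdict; 0 ok, 1 mismatch, 2 error, 3 expiring.
check_pair() {
    days=${3:-30}
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case $rc in
        0) ;;
        1) echo "MISMATCH: $2 is not the private key for $1"; return 1 ;;
        *) echo "ERROR: cannot read $1 or $2"; return 2 ;;
    esac
    if cert_valid_for "$1" "$days"; then
        echo "OK: key matches, certificate valid for at least $days more days"
    else
        echo "EXPIRING: key matches, but $1 expires within $days days"
        return 3
    fi
}

# Usage: sh check_pair.sh server.crt server.key 30
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

The distinct exit codes let a cron job or monitoring wrapper tell a wrong key apart from a certificate that is merely close to expiry.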

