Viewing Components of Certificates

Cryptography Tutorials - Herong's Tutorial Examples

∟Viewing Components of Certificates

This section provides a tutorial example on how to view different components in certificate with the OpenSSL command line tool.

Here is how to see the components of a certificate:

herong> openssl x509 -in herong.crt -noout -text
Certificate:
 Data:
  Version: 3 (0x2)
  Serial Number: 0 (0x0)
  Signature Algorithm: md5WithRSAEncryption
  Issuer: C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=Herong Yang
  Validity
   Not Before: Jul 15 02:19:47 2002 GMT
   Not After : Aug 14 02:19:47 2002 GMT
  Subject: C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=Herong Yang
  Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   RSA Public Key: (512 bit)
    Modulus (512 bit):
     00:a9:e6:19:c6:ee:88:01:86:d9:72:9e:93:92:db:
     57:01:7b:02:84:fc:1e:e3:57:5e:2a:7b:2b:25:9e:
     bd:ba:c5:95:2c:49:59:28:df:a6:67:86:26:8e:ff:
     36:cc:3a:84:5c:28:af:6f:11:c8:0c:b5:c2:c5:b9:
     04:d6:0e:5d:d1
    Exponent: 65537 (0x10001)
  X509v3 extensions:
   X509v3 Subject Key Identifier:
    55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04
   X509v3 Authority Key Identifier:
    keyid:55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04
    DirName:/C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=Herong Yang
    serial:00
   X509v3 Basic Constraints:
    CA:TRUE
 Signature Algorithm: md5WithRSAEncryption
  3f:ba:0c:c1:ae:38:ca:f6:37:16:9c:35:5f:18:79:64:de:27:
  0d:46:ad:28:57:b4:62:df:6c:ff:f8:74:17:eb:b6:91:7e:06:
  6e:ec:a5:9d:23:e2:6e:5a:6e:c3:09:fa:cf:34:65:70:15:65:
  10:3a:6b:0f:b9:ef:6b:64:18:0e

This certificate tells us that:

The subject is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=Herong Yang"
The subject's public key is included in it.
The issuer is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=Herong Yang". The issuer is identical to the subject, because this is a self-signed certificate.
The certificate is valid for one month.
The certificate is signed by the issuer with the signature at the end.