Dumping SSL certificate information

It seems lately I’m regularly having to dump the information from SSL certificates (for instance to get the “Subject” or CA signer). Since I keep having to look up the exact syntax, I thought it easier to save here and figured it might help others.

So, if in PEM format, use the following:

openssl x509 -text -in cert.pem

If in PKCS#12 format, use this:

openssl pkcs12 -info -in cert.pfx

To dump a CSR (Certificate Signing Request), use this:

openssl req -text -in request.csr

More can be found here and here.


You can also pull the publickey side of a certificate from an active website, which can be handy. The output will be in PEM format:

openssl s_client -connect somehost.somedomain.com:443 >cert.pem

It will give you some information about the certificate you just pulled, however you will need to use the above PEM dump example to get things like the serial number.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">