It seems lately I’m regularly having to dump the information from SSL certificates (for instance to get the “Subject” or CA signer). Since I keep having to look up the exact syntax, I thought it easier to save here and figured it might help others.
So, if in PEM format, use the following:
openssl x509 -text -in cert.pem
If in PKCS#12 format, use this:
openssl pkcs12 -info -in cert.pfx
To dump a CSR (Certificate Signing Request), use this:
openssl req -text -in request.csr
To dump/check a private key:
openssl rsa -text -noout -in key.pem
You can also pull the publickey side of a certificate from an active website, which can be handy. The output will be in PEM format:
openssl s_client -showcerts -connect somehost.somedomain.com:443 >cert.pem </dev/null
It will give you information about the certificate you just pulled, however you will need to use the above PEM dump example to get things like the serial number.