Dumping SSL certificate information

Lately I regularly have to dump the information from SSL certificates (for instance to get the “Subject” or the CA signer). Since I keep having to look up the exact syntax, I thought it would be easier to save it here, and figured it might help others.

If the certificate is in PEM format, use the following:

openssl x509 -text -in cert.pem

If it is in PKCS#12 format, use this:

openssl pkcs12 -info -in cert.pfx

To dump a CSR (Certificate Signing Request), use this:

openssl req -text -in request.csr

To dump/check a private key:

openssl rsa -text -noout -in key.pem

More can be found here and here.


You can also pull the public-key side of a certificate from an active website, which can be handy. The output will be in PEM format:

openssl s_client -showcerts -connect somehost.somedomain.com:443 >cert.pem </dev/null

It will give you information about the certificate you just pulled; however, you will need to use the above PEM dump example to get things like the serial number.
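
The file saved by `s_client -showcerts` holds every certificate the server sent, mixed with handshake text, and `openssl x509` only reads the first PEM block in it. The following is an added example, not part of the original post: it splits such a file into one PEM file per certificate and prints subject, issuer, serial and validity dates for each. The function names `split_chain` and `dump_chain` are made up for illustration.

```shell
#!/bin/sh
# Added example: inspect every certificate in saved `s_client -showcerts`
# output, not just the first one. Function names are illustrative.

# split_chain FILE OUTDIR
# Copy each PEM certificate block in FILE to OUTDIR/cert-N.pem, dropping the
# handshake text around the blocks. Prints the number of certificates found.
split_chain() {
    src=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/cert-%d.pem", dir, n)
            inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$src"
}

# dump_chain FILE
# Print subject, issuer, serial and validity dates for each certificate in FILE.
dump_chain() {
    tmp=$(mktemp -d) || return 1
    count=$(split_chain "$1" "$tmp")
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $1" >&2
        rm -rf "$tmp"
        return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        echo "== certificate $i of $count =="
        openssl x509 -noout -subject -issuer -serial -dates \
            -in "$tmp/cert-$i.pem"
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# When run as a script with a file argument: sh dump_chain.sh cert.pem
if [ "$#" -gt 0 ]; then
    dump_chain "$1"
fi
```

Certificate 1 is the server's own certificate; the ones after it are whatever intermediates the server chose to send.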

