wiki:ESGF-Security/OpenSSLInESGFSheet

Version 8 (modified by terryk, 7 years ago) (diff)

--

Shows x509 certificate in readable format (-noout to not show certificate (PKCS1 DER encoded))

$ openssl x509 -noout -text -in pemFile.pem

Get the certificate of a data node and return its expired dates

$ openssl s_client -connect pcmdi7.llnl.gov:443 </dev/null 2>/dev/null|openssl x509 -noout -dates
notBefore=Oct 16 00:00:00 2013 GMT
notAfter=Oct 27 23:59:59 2014 GMT

Find out the hash of the cert. Options:

  • -subject_hash: print subject hash value
  • -subject_hash_old: print old-style (MD5) subject hash value
  • -issuer_hash: print issuer hash value
  • -issuer_hash_old: print old-style (MD5) issuer hash value
$ openssl x509 -subject_hash_old -noout -in cert