How To Read RSA, X509, PKCS12 Certificates with OpenSSL?
OpenSSL provides read different type of certificate and encoding formats. OpenSSL supports certificate formats like RSA, X509, PCKS12 etc. We will look how to read these certificate formats with OpenSSL.
Read RSA Private Key
RSA is popular format use to create asymmetric key pairs those named public and private key. We can use
rsa verb to read RSA private key with the following command.
$ openssl rsa -in myprivate.pem -check
We can see that the first line of command output provides
RSA key ok
Read X509 Certificate
Another case reading certificate with OpenSSL is reading and printing X509 certificates to the terminal. We will use
x509 version with the following command.
$ openssl x509 -in mycert.pem -text -noout
Print Certificate Purpose
X509 certificates also holds information about the purpose of the cerficate. This will be beneficial while using certificate to learn the creation aim of the certificate. We can print certificate purpose with the
-purpose command like below.
$ openssl x509 -in mycert.pem -text -noout -purpose
Read Web Sites HTTPS TLS/SSL Certificates
We can read and print web sites HTTPS certificates with the
s_client verb which is explained in this tutorial. We can print the SSL/TLS X509 certificate with the following command.
$ openssl s_client -showcerts -connect poftut.com:443
Read PKCS12 File
We can also read and print PKCS12 files which can be used store keys and related information. We will use
pkcs12 verb like below.
$ openssl pkcs12 -info -in keystore.p12
Read Certificate Signing Request
Certificate signing requests are used to create required request in order to sign our certificate from certificate authority. After creating a Certificate Signing Request we should check the CSR with the following command where we can see all information provided by CSR.
$ openssl req -text -noout -verify -in myrequest.csr