====== Print Information about a Key ====== openssl x509 -inform DER -in testkey.cer -noout -text Informations about the used arguments from the OpenSSL man page: * ''[[http://www.openssl.org/docs/apps/x509.html|x509]]'': Certificate display and signing utility. * ''[[http://www.openssl.org/docs/apps/x509.html#item__inform|-inform DER]]'': This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as -req are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines added. The NET option is an obscure Netscape server format that is now obsolete. * ''[[http://www.openssl.org/docs/apps/x509.html#item__in|-in testkey.cer]]'': This specifies the input filename to read a certificate from or standard input if this option is not specified. * ''[[http://www.openssl.org/docs/apps/x509.html#item__noout|-noout]]'': this option prevents output of the encoded version of the request. * ''[[http://www.openssl.org/docs/apps/x509.html#item__text|-text]]'': prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings. You should redirect the output into a file (with "''> testkey_info.txt''") or into some pager (like "''| less''") as this outputs a lot of information. {{tag>cryptography howto openssl security}}