Skip to content. | Skip to navigation

Personal tools

Navigation

You are here: Home / Notes / Openssl. Check local/remote certificate content, CSR content

Openssl. Check local/remote certificate content, CSR content

check local:

openssl x509 -text -in my_crt.pem

check remote:


openssl s_client -showcerts -connect example.com:443
smtp, pop3, imap, and ftp as starttls options.
openssl s_client -connect mail.example.com:pop3s
openssl s_client -connect mail.example.com:imaps
or:
openssl s_client -showcerts -starttls imap -connect mail.example.com:139
Specific SSL version.
openssl s_client -showcerts -ssl2 -connect www.domain.com:443
Present a client certificate.
openssl s_client -showcerts -cert cert.cer -key cert.key -connect example.com:443

CSR

Extract information from the CSR

$ openssl req -in example.com.csr -text -noout

Verify the signature

$ openssl req -in example.com.csr -noout -verify

Whom the certificate will be issued to?

$ openssl req -in example.com.csr -noout -subject

Show the public key

$ openssl req -in example.com.csr -noout -pubkey