$ openssl x509 -enddate -noout -in cacert.pem notAfter=Aug 13 23:59:00 2018 GMT $
If you want to view the starting date for the certificate, you can use
-startdate.
$ openssl x509 -startdate -enddate -noout -in cacert.pem notBefore=Aug 13 00:29:00 1998 GMT notAfter=Aug 13 23:59:00 2018 GMT $
Parameters that can be used to extract information regarding the certificate include the following:
| startdate | Start date for the certificate to be valid |
| enddate | Expiration date for the certificate |
| issuer | Certificate issuer |
| subject | Certificate subject |
| hash | Hash value for the certificate |
| purpose | Purpose for the certificate |
E.g.:
$ openssl x509 -startdate -enddate -issuer -subject -hash -noout -in cacert.pem notBefore=Aug 13 00:29:00 1998 GMT notAfter=Aug 13 23:59:00 2018 GMT issuer= /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTr ust Global Root subject= /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberT rust Global Root 4d654d1d $ openssl x509 -purpose -noout -in cacert.pem Certificate purposes: SSL client : Yes SSL client CA : Yes (WARNING code=3) SSL server : Yes SSL server CA : Yes (WARNING code=3) Netscape SSL server : Yes Netscape SSL server CA : Yes (WARNING code=3) S/MIME signing : Yes S/MIME signing CA : Yes (WARNING code=3) S/MIME encryption : Yes S/MIME encryption CA : Yes (WARNING code=3) CRL signing : Yes CRL signing CA : Yes (WARNING code=3) Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : Yes (WARNING code=3) $
If you want to view additional information for the certificate, you can
also use the -text option, instead as shown below:
$ openssl x509 -text -noout -in cacert.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 421 (0x1a5)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
Validity
Not Before: Aug 13 00:29:00 1998 GMT
Not After : Aug 13 23:59:00 2018 GMT
Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
c7:79:b4:1f:05:2f:3b:62:99
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
7a:7f
$OpenSSL usage options for X.509 are as follows:
usage: x509 args
-inform arg - input format - default PEM (one of DER, NET or PEM)
-outform arg - output format - default PEM (one of DER, NET or PEM)
-keyform arg - private key format - default PEM
-CAform arg - CA format - default PEM
-CAkeyform arg - CA key format - default PEM
-in arg - input file - default stdin
-out arg - output file - default stdout
-passin arg - private key password source
-serial - print serial number value
-subject_hash - print subject hash value
-issuer_hash - print issuer hash value
-hash - synonym for -subject_hash
-subject - print subject DN
-issuer - print issuer DN
-email - print email address(es)
-startdate - notBefore field
-enddate - notAfter field
-purpose - print out certificate purposes
-dates - both Before and After dates
-modulus - print the RSA key modulus
-pubkey - output the public key
-fingerprint - print the certificate fingerprint
-alias - output certificate alias
-noout - no certificate output
-ocspid - print OCSP hash values for the subject name and public key
-ocsp_uri - print OCSP Responder URL(s)
-trustout - output a "trusted" certificate
-clrtrust - clear all trusted purposes
-clrreject - clear all rejected purposes
-addtrust arg - trust certificate for a given purpose
-addreject arg - reject certificate for a given purpose
-setalias arg - set certificate alias
-days arg - How long till expiry of a signed certificate - def 30 days
-checkend arg - check whether the cert expires in the next arg seconds
exit 1 if so, 0 if not
-signkey arg - self sign cert with arg
-x509toreq - output a certification request object
-req - input is a certificate request, sign and output.
-CA arg - set the CA certificate, must be PEM format.
-CAkey arg - set the CA key, must be PEM format
missing, it is assumed to be in the CA file.
-CAcreateserial - create serial number file if it does not exist
-CAserial arg - serial file
-set_serial - serial number to use
-text - print the certificate in text form
-C - print out C code forms
-md2/-md5/-sha1/-mdc2 - digest to use
-extfile - configuration file with X509V3 extensions to add
-extensions - section from config file with X509V3 extensions to add
-clrext - delete extensions before signing and input certificate
-nameopt arg - various certificate name options
-engine e - use engine e, possibly a hardware device.
-certopt arg - various certificate text options
$