Il est possible de voir toutes les données d’un certificat SSL à partir de son fichier .crt ou .pem. La commande à utiliser est : openssl x509 -noout -text -in /chemin/vers/le/certificat
. Par exemple :
# openssl x509 -noout -text -in /etc/letsencrypt/live/palc.fr/fullchain.pem Certificate: Data: Version: 3 (0x2) Serial Number: 04:b2:f9:cb:ca:20:c1:05:b9:08:fa:31:80:d8:31:2c:fd:b6 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = R3 Validity Not Before: Aug 30 08:10:06 2021 GMT Not After : Nov 28 08:10:05 2021 GMT Subject: CN = palc.fr Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b8:88:80:7f:d8:a9:30:71:e7:4e:4f:0d:a3:1b: c9:51:f7:6e:b8:01:49:14:f1:c6:5d:07:fe:da:50: 6a:95:5a:fc:d6:97:e1:3b:5e:af:ab:8a:7b:11:8a: a8:33:aa:34:71:0f:9a:0e:32:35:c8:96:29:86:08: 52:eb:24:a7:b8:8d:35:9f:e6:af:f7:29:3c:83:d9: e3:89:9e:50:de:a9:fe:43:bd:d8:db:fd:70:f9:52: ae:fd:a7:ae:55:88:6f:a4:da:48:05:7b:4a:ee:41: 2b:23:08:38:f3:e8:0f:aa:c7:93:9f:41:a1:1d:dd: 45:46:f9:81:da:33:6b:3e:95:28:d5:eb:24:78:35: b9:7c:85:ea:c6:0d:12:d5:a3:8a:50:f6:42:ce:45: 1d:f3:41:fd:f4:ce:1c:28:10:45:c1:ad:39:0f:6e: 05:7b:8d:b8:f9:98:45:21:7a:b9:df:40:55:26:7a: 6f:e1:f6:d5:2a:44:42:92:55:b4:25:f3:97:36:3f: 8b:fb:9e:ec:21:2b:b0:36:5b:67:10:b6:75:d3:3b: 2b:cc:ed:ec:72:5c:c3:07:1f:b1:ad:f2:67:9e:f1: 37:10:16:c4:02:de:57:9f:a4:a6:54:a5:b4:61:5c: 63:bc:07:6a:87:00:97:81:d6:b0:2f:2c:1e:cc:e4: 11:a1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 41:A3:12:A9:41:CF:C4:C4:0B:57:67:C0:1B:97:E4:49:1F:A0:02:B8 X509v3 Authority Key Identifier: keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 Authority Information Access: OCSP - URI:http://r3.o.lencr.org CA Issuers - URI:http://r3.i.lencr.org/ X509v3 Subject Alternative Name: DNS:palc.fr, DNS:www.palc.fr X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10: 37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA Timestamp : Aug 30 09:10:07.070 2021 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:71:5B:63:71:90:A2:5F:BE:20:32:CB:54: 6B:92:DE:CE:4F:EE:24:AE:8D:95:AE:8E:69:61:5E:19: 94:6C:2A:84:02:21:00:8F:B2:5A:AB:36:EA:38:40:CD: 13:C2:71:D9:5A:B7:81:86:7C:13:57:8D:4A:B6:2E:6F: 65:98:9A:81:AF:AF:78 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E: E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3 Timestamp : Aug 30 09:10:07.079 2021 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:F5:6D:43:4C:49:68:F7:E1:E3:D0:E2: D1:1C:B2:A8:55:DA:7F:22:CA:35:17:C5:AE:3C:50:12: 1B:A5:D5:AE:D6:02:20:50:EC:B7:A4:37:62:3C:7A:FB: 96:4D:1B:17:AB:F8:9D:A1:3C:DE:37:6E:71:45:58:AE: 3C:7E:C7:5A:D0:B3:FB Signature Algorithm: sha256WithRSAEncryption 89:34:fa:07:9c:ea:3e:05:70:dd:9f:11:b9:5a:36:3c:49:70: 47:86:41:bb:97:73:82:52:be:20:1e:93:53:d9:2d:e0:29:2a: c7:83:5f:47:54:d8:57:72:f5:05:87:2f:f1:22:6c:bd:20:9f: 1f:5a:90:73:81:a7:3e:06:63:5f:f1:01:fa:01:2c:4a:13:61: 91:1e:c4:2d:d5:e1:17:28:8c:23:17:8c:42:b9:32:4d:dd:83: 1f:ce:a3:51:72:bf:9c:1a:6f:66:1e:75:59:34:c1:e0:b2:83: c4:2e:1a:ad:d1:71:4d:43:79:9d:0b:af:1e:7b:7c:e4:d5:08: b6:bf:ba:b8:fa:90:49:86:e6:ef:eb:9f:c5:a2:3a:39:2c:49: 03:81:30:36:e7:ed:d0:2c:1c:94:a7:97:0b:cc:a9:58:d8:0d: a6:20:c6:5e:67:7b:b7:5f:13:1a:5b:b1:13:8b:d0:e2:69:79: 1e:e9:f6:2c:90:30:3c:a9:b8:e2:a5:a7:51:0b:a0:e0:f8:10: 11:ec:e4:0e:c4:3c:2a:3e:65:39:c7:2e:78:f8:56:52:92:db: 47:5b:81:9b:d3:f0:7a:be:bf:98:e9:a9:d2:92:d6:46:7d:2f: a6:fc:25:eb:9f:5c:94:7a:fb:d0:fc:9a:49:8a:d0:4c:35:bb: 76:c2:4b:67
Ca peutpermets de vérifier facilement les DNS concerner, ou la date d’expiration, par exemple.