Il est possible de voir toutes les données d’un certificat SSL à partir de son fichier .crt ou .pem. La commande à utiliser est : openssl x509 -noout -text -in /chemin/vers/le/certificat. Par exemple :
# openssl x509 -noout -text -in /etc/letsencrypt/live/palc.fr/fullchain.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b2:f9:cb:ca:20:c1:05:b9:08:fa:31:80:d8:31:2c:fd:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: Aug 30 08:10:06 2021 GMT
Not After : Nov 28 08:10:05 2021 GMT
Subject: CN = palc.fr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:88:80:7f:d8:a9:30:71:e7:4e:4f:0d:a3:1b:
c9:51:f7:6e:b8:01:49:14:f1:c6:5d:07:fe:da:50:
6a:95:5a:fc:d6:97:e1:3b:5e:af:ab:8a:7b:11:8a:
a8:33:aa:34:71:0f:9a:0e:32:35:c8:96:29:86:08:
52:eb:24:a7:b8:8d:35:9f:e6:af:f7:29:3c:83:d9:
e3:89:9e:50:de:a9:fe:43:bd:d8:db:fd:70:f9:52:
ae:fd:a7:ae:55:88:6f:a4:da:48:05:7b:4a:ee:41:
2b:23:08:38:f3:e8:0f:aa:c7:93:9f:41:a1:1d:dd:
45:46:f9:81:da:33:6b:3e:95:28:d5:eb:24:78:35:
b9:7c:85:ea:c6:0d:12:d5:a3:8a:50:f6:42:ce:45:
1d:f3:41:fd:f4:ce:1c:28:10:45:c1:ad:39:0f:6e:
05:7b:8d:b8:f9:98:45:21:7a:b9:df:40:55:26:7a:
6f:e1:f6:d5:2a:44:42:92:55:b4:25:f3:97:36:3f:
8b:fb:9e:ec:21:2b:b0:36:5b:67:10:b6:75:d3:3b:
2b:cc:ed:ec:72:5c:c3:07:1f:b1:ad:f2:67:9e:f1:
37:10:16:c4:02:de:57:9f:a4:a6:54:a5:b4:61:5c:
63:bc:07:6a:87:00:97:81:d6:b0:2f:2c:1e:cc:e4:
11:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
41:A3:12:A9:41:CF:C4:C4:0B:57:67:C0:1B:97:E4:49:1F:A0:02:B8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:palc.fr, DNS:www.palc.fr
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
Timestamp : Aug 30 09:10:07.070 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:71:5B:63:71:90:A2:5F:BE:20:32:CB:54:
6B:92:DE:CE:4F:EE:24:AE:8D:95:AE:8E:69:61:5E:19:
94:6C:2A:84:02:21:00:8F:B2:5A:AB:36:EA:38:40:CD:
13:C2:71:D9:5A:B7:81:86:7C:13:57:8D:4A:B6:2E:6F:
65:98:9A:81:AF:AF:78
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
Timestamp : Aug 30 09:10:07.079 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:F5:6D:43:4C:49:68:F7:E1:E3:D0:E2:
D1:1C:B2:A8:55:DA:7F:22:CA:35:17:C5:AE:3C:50:12:
1B:A5:D5:AE:D6:02:20:50:EC:B7:A4:37:62:3C:7A:FB:
96:4D:1B:17:AB:F8:9D:A1:3C:DE:37:6E:71:45:58:AE:
3C:7E:C7:5A:D0:B3:FB
Signature Algorithm: sha256WithRSAEncryption
89:34:fa:07:9c:ea:3e:05:70:dd:9f:11:b9:5a:36:3c:49:70:
47:86:41:bb:97:73:82:52:be:20:1e:93:53:d9:2d:e0:29:2a:
c7:83:5f:47:54:d8:57:72:f5:05:87:2f:f1:22:6c:bd:20:9f:
1f:5a:90:73:81:a7:3e:06:63:5f:f1:01:fa:01:2c:4a:13:61:
91:1e:c4:2d:d5:e1:17:28:8c:23:17:8c:42:b9:32:4d:dd:83:
1f:ce:a3:51:72:bf:9c:1a:6f:66:1e:75:59:34:c1:e0:b2:83:
c4:2e:1a:ad:d1:71:4d:43:79:9d:0b:af:1e:7b:7c:e4:d5:08:
b6:bf:ba:b8:fa:90:49:86:e6:ef:eb:9f:c5:a2:3a:39:2c:49:
03:81:30:36:e7:ed:d0:2c:1c:94:a7:97:0b:cc:a9:58:d8:0d:
a6:20:c6:5e:67:7b:b7:5f:13:1a:5b:b1:13:8b:d0:e2:69:79:
1e:e9:f6:2c:90:30:3c:a9:b8:e2:a5:a7:51:0b:a0:e0:f8:10:
11:ec:e4:0e:c4:3c:2a:3e:65:39:c7:2e:78:f8:56:52:92:db:
47:5b:81:9b:d3:f0:7a:be:bf:98:e9:a9:d2:92:d6:46:7d:2f:
a6:fc:25:eb:9f:5c:94:7a:fb:d0:fc:9a:49:8a:d0:4c:35:bb:
76:c2:4b:67
Ca peutpermets de vérifier facilement les DNS concerner, ou la date d’expiration, par exemple.