Linux : How to get certificate information from a certificate file

How to get certificate information from a certificate file?

As an engineer, administrator, operator or a developer, sometimes you need to learn certificate information from an application, host system or whatever else. Almost all modern browsers allows you to get certificate information by simply clicking a red/green or crossed lock icon or following page information agents.

But sometimes you can’t use browsers, you can’t leave your cli session due to lack of connection problem or some other factors. If you need to learn basic certificate information in Linux, you can use openssl command line tool. openssl is a handy tool that allows you to perform bunch of certificate based requirements, including getting certificate, renewing, generating a new one and of course getting information from them.

In this article you simply get the certificate information from a saved certificate.

[ozgurkkisa@workstation]$ openssl x509 -in \
  wildcard-api.pem -noout -subject -issuer -ext 'subjectAltName' -dates
subject=C = US, ST = NC, L = Raleigh, O = "Red Hat, Inc.", OU = Training, CN = *.apps.ocp4.example.com
issuer=C = US, ST = NC, L = Raleigh, O = "Red Hat, Inc.", OU = Training, CN = GLS Training Classroom Certificate Authority
X509v3 Subject Alternative Name:
    DNS:*.apps.ocp4.example.com, DNS:api.ocp4.example.com
notBefore=Sep  2 14:11:33 2021 GMT
notAfter=Aug 31 14:11:33 2031 GMT

As seen at the above, I run the command :

openssl x509 -in \

wildcard-api.pem -noout -subject -issuer -ext ‘subjectAltName’ -dates

wildcar-api.pem is my certificate that stored on my workstation, also I called the subject name, Subject alternative name, issuer information and certificate creation and expiration date.As you see, issuer is Redhat, certificate dns name is a wildcard domain name *.app.ocp4.example.com and alternative names are *.app.ocp4.example.com and app.ocp4.example.com

It will expire at 31 Aug 2031

If you haven’t the certificates as file, you can fetch them from the server. To perform this, use openssl again by running like that :

[ozgurkkisa@workstation]$ openssl s_client -connect www.google.com:443 -showcerts

The command would show you the connection certificates as a screen output. To save the output as a file, simply select the output with begun with — — BEGIN CERTIFICATE — — — until — — END CERTIFICATE — — — and paste information into an empty file.

Another and more useful method is the just putting > ~/google.cer line to the at the end of the original command above.

Note: The command above shows you the output, but you cannot back to the console automatically. You need to press ctrl+c to quit. For the method above, you should press ctrl+c to exit so file would be created.

I think this simple information will be handy for further operations and your action plans.

See you soon, Regards all techies!