X.509 Certificates

takeshix edited this page May 10, 2018 · 1 revision

deen provides the X.509 plugin, which prints a human-readable representation of X.509 certificates in PEM format. The representation is the same as the output of openssl x509 -text from the OpenSSL CLI tool.

In order to illustrate how to use the X.509 plugin, here is an example certificate:

deen can print this certificate either from a file, by supplying the filename, or from STDIN, by piping the certificate in:

$ deen -p x509 cert.pem
or
$ cat cert.pem | deen -p x509 -
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:fd:b4:09:0a:d7:b5:e6:40:c3:0b:16:c9:52:9a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
        Validity
            Not Before: Mar 10 00:00:00 2016 GMT
            Not After : May 17 12:00:00 2018 GMT
        Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=5157550/street=88 Colin P Kelly, Jr Street/postalCode=94107, C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e7:88:5c:f2:96:5c:97:18:1c:ba:98:e2:03:f1:
                    7f:39:91:91:c2:6f:d9:96:e7:28:40:64:cd:4c:a9:
                    81:12:03:6c:ae:7f:e6:c6:19:e0:5a:63:f0:6c:0b:
                    d4:68:b3:ff:fd:3e:fd:25:cf:b5:59:73:29:c4:c8:
                    b3:f4:f2:ba:c9:94:51:16:e2:28:d1:dd:9b:c7:8d:
                    b7:34:0e:a1:38:bd:91:4e:d6:e7:7e:cf:b2:d0:f1:
                    52:fd:84:e9:41:27:a5:4e:ea:be:16:ec:2d:b3:9b:
                    fa:68:0c:1e:37:23:1c:60:3d:07:07:26:e4:91:da:
                    2c:16:80:dc:70:13:73:27:dd:80:73:c2:39:11:50:
                    d4:73:73:ab:ff:88:d2:c9:9c:33:c6:ef:64:76:60:
                    65:07:37:87:32:fb:2a:74:7f:12:5f:d9:8d:6a:15:
                    ed:5f:14:69:c1:99:c1:89:48:f0:df:a3:e0:37:eb:
                    3d:18:b5:86:ad:a7:dd:d3:64:f4:bb:1f:58:cd:de:
                    5e:ce:43:31:ba:4a:84:01:0e:c0:28:82:22:8e:f6:
                    96:3c:02:5b:2b:fe:76:5c:b8:48:cb:6b:e9:18:dc:
                    a5:ca:78:bf:0d:00:f5:f1:b0:4f:4f:e6:46:d6:eb:
                    f4:41:03:fd:2e:e6:3f:8e:83:be:14:a0:ce:4e:57:
                    ab:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F
[...]

This option can also be used with OpenSSL's s_client to print the certificates of SSL/TLS-enabled services:

$ openssl s_client -showcerts -connect github.com:443 </dev/null 2>/dev/null | deen -p x509 -

Certificates in DER format

The PEM format is just a Base64-encoded representation of certificates with a "BEGIN CERTIFICATE" prefix and an "END CERTIFICATE" suffix. So in order to use the --x509 option, certificates in DER format have to be Base64-encoded first:

$ cat cert.der | deen -p base64 - | deen -p x509 -

Note: deen will try to add the prefix and suffix to the Base64-encoded data.
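
The relationship between DER and PEM described above, as an added Python example (it is not part of deen or of the original page): it wraps DER bytes in the PEM prefix and suffix, and also accepts bare Base64 or PEM blocks embedded in other output, such as that of s_client. All function names are hypothetical, and SAMPLE_DER is a constructed placeholder rather than a real certificate.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)
# Constructed placeholder: a DER SEQUENCE header plus filler, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def looks_like_der(data: bytes) -> bool:
    """True if data is one DER SEQUENCE whose length field spans all of data."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def der_to_pem(der: bytes) -> str:
    """Base64-encode DER bytes and add the PEM prefix and suffix."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]  # 64-char lines
    return "\n".join([BEGIN, *lines, END]) + "\n"


def pem_to_der(text: str) -> list:
    """Decode every certificate block in text, ignoring anything around them."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(text)]


def normalize(data: bytes) -> str:
    """Accept raw DER, PEM (possibly inside other output) or bare Base64."""
    if looks_like_der(data):
        return der_to_pem(data)
    text = data.decode("latin-1")
    if BEGIN in text:
        return "".join(der_to_pem(der) for der in pem_to_der(text))
    # Bare Base64: decode strictly so garbage raises instead of being wrapped.
    return der_to_pem(base64.b64decode("".join(text.split()), validate=True))


if __name__ == "__main__":
    print(normalize(SAMPLE_DER), end="")
```
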