acz

Reputation: 97

Certificate missing extensions

I'm using OpenSSL to generate keys/CSRs/certs. I'm using an openssl.cnf file to add extensions to these certifications.

How do I check if a completed cert has the extensions that I requested using OpenSSL's command line?

I've tried this line of code:

    openssl x509 -in certificate.crt -text -noout

But it doesn't show the extensions. I've also fiddled around with verify, but it doesn't work either.

I'm looking to check the values of these extensions: basicConstraints, keyUsage, serverAuth

Thanks

Upvotes: 2

Views: 2198

Answers (1)

Steffen Ullrich

Reputation: 123320

> openssl x509 -in certificate.crt -text -noout
>
> But it doesn't show the extensions

If this does not show the extensions, then there are probably no extensions in your certificate. If you take, for instance, the certificate you get when visiting paypal.com, the command line above will give you lots of extensions, like:

    X509v3 extensions:
        X509v3 Subject Alternative Name: 
            DNS:history.paypal.com, DNS:t.paypal.com, ...
        X509v3 Basic Constraints: 
            CA:FALSE
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
    ...

Upvotes: 2
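
A scripted version of this check for the three extensions named in the question, added here as an example and not part of the original answer. It also builds two throwaway self-signed certificates from one CSR to show a common reason the `-text` output lacks them: `openssl x509 -req` does not copy extensions from the request unless `-extfile`/`-extensions` is given. The file names, the `v3_req` section name and the `example.test` subject are constructed.

```shell
#!/bin/sh
# Added example; paths, section name and subject are constructed placeholders.

# has_ext CERT PATTERN: succeeds if the -text dump of CERT contains PATTERN.
has_ext() {
    openssl x509 -in "$1" -noout -text | grep -q "$2"
}

# missing_exts CERT: prints the requested extensions that are absent from CERT
# (empty output means all three are present).
missing_exts() {
    out=""
    has_ext "$1" "X509v3 Basic Constraints"      || out="$out basicConstraints"
    has_ext "$1" "X509v3 Key Usage"              || out="$out keyUsage"
    has_ext "$1" "TLS Web Server Authentication" || out="$out serverAuth"
    echo "$out" | sed 's/^ //'
}

# make_demo_certs DIR: writes DIR/bare.crt and DIR/ext.crt from the same CSR.
make_demo_certs() {
    d=$1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = example.test
[v3_req]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # The CSR carries the requested extensions (req_extensions above).
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/key.pem" \
        -out "$d/req.csr" -config "$d/openssl.cnf" 2>/dev/null
    # Signed without -extfile: the CSR's extensions are not copied into the cert.
    openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" -days 1 \
        -out "$d/bare.crt" 2>/dev/null
    # Signed with -extfile/-extensions: the section is written into the cert.
    openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" -days 1 \
        -extfile "$d/openssl.cnf" -extensions v3_req -out "$d/ext.crt" 2>/dev/null
}

# Usage: d=$(mktemp -d); make_demo_certs "$d"; missing_exts "$d/bare.crt"
```

Running `missing_exts certificate.crt` against your own file lists whichever of the three did not make it into the issued certificate.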
