I am using Java keytool. I have exported a self-signed .pem certificate from my keystore. Is there a command to view the certificate details directly from the .pem file (not of the certificate in the keystore)?
Asked
Active
Viewed 3.4e+01k times
210
-
Portecle is also very useful for that: http://portecle.sourceforge.net/ – endo64 Dec 28 '18 at 07:30
2 Answers
405
An alternative to using keytool, you can use the command
openssl x509 -in certificate.pem -text
This should work for any x509 .pem file provided you have openssl installed.
Cristian Ciupitu
- 19,240
- 7
- 48
- 73
StampyCode
- 6,099
- 2
- 25
- 43
-
7Actually, `keytool` errored out with `java.lang.Exception: Failed to parse input` for some pems, but this worked for all of them – Csaba Toth Apr 13 '18 at 18:23
-
If you want the aliases only: `openssl x509 -in file.pem -text | grep -A 1 'Alternative Name'` – qräbnö Jul 11 '18 at 10:27
-
4In my case I had to change "x509" with "rsa" so I guess it depends on the .pem contents. I used `file` command to know that it was "rsa" and not "x509" (e.g. `file xyz.pem`). – MegaTux May 22 '19 at 19:40
-
9@megatux a PEM file can contain a few different types of data `x509` is the format for certificates, `rsa` is the format for a public/private key pair. – alfwatt Jun 07 '19 at 22:46
-
1
-
4For shorter text-output try: `openssl x509 -in certificate.pem -text -noout` - This will omit the last ~ 40 lines of text from the output ( BEGIN CERTIFICATE ... END CERTIFICATE stuff) – knb Oct 22 '20 at 12:28
-
1
-
1
211
Use the -printcert command like this:
keytool -printcert -file certificate.pem
Cristian Ciupitu
- 19,240
- 7
- 48
- 73
Drona
- 6,482
- 1
- 27
- 35
-
35
-
13@Maximilian it may happen on APNS certificates, which combines private key & certificate into one `.pem`. Separate them into 2 files using text editor and the above command will work. (Hint: copy `-- BEGIN CERTIFICATE --` line to `-- END CERTIFICATE --` line to new file) – Raptor Jan 02 '15 at 04:13
-
1
-