Delphix

How to Investigate Certificates (UNIX/Linux) (KBA10528)

 

 

KBA# 10528

Applicable Delphix Versions

Date                          Release
Oct 18, 2023                  16.0.0.0
Sep 21, 2023                  15.0.0.0
Aug 24, 2023                  14.0.0.0
Jul 24, 2023                  13.0.0.0
Jun 21, 2023                  12.0.0.0
May 25, 2023                  11.0.0.0
Apr 13, 2023                  10.0.0.0 | 10.0.0.1
Mar 13, 2023 | Mar 20, 2023   9.0.0.0 | 9.0.0.1
Feb 13, 2023                  8.0.0.0
Jan 12, 2023                  7.0.0.0

Releases Prior to 2023

Major Release   All Sub Releases
6.0             6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1, 6.0.11.0, 6.0.12.0, 6.0.12.1, 6.0.13.0, 6.0.13.1, 6.0.14.0, 6.0.15.0, 6.0.16.0, 6.0.17.0, 6.0.17.1, 6.0.17.2
5.3             5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0
5.2             5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1
5.1             5.1.0.0, 5.1.1.0, 5.1.2.0, 5.1.3.0, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0, 5.1.10.0
5.0             5.0.1.0, 5.0.1.1, 5.0.2.0, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.3.0, 5.0.3.1, 5.0.4.0, 5.0.4.1, 5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, 5.0.5.4

Summary

How you investigate a certificate depends on whether this is for a client application investigating a certificate already installed on a server or for a server application that is failing to install a certificate. Specifically, we can use investigation commands and their output to:

  • Verify the certificate chain is unbroken back to the root CA certificate.
  • Verify the common name matches the hostname or FQDN of the server.
  • Verify that Subject Alternative Names (SANs) exist and that they exactly match the hostname or FQDN used to access the server from the client.
  • Verify that no certificate in the chain is outside of the validity period.
  • Verify the key length and ensure it is long enough to meet any security requirements you might have.
  • Verify that the end entity certificate has the expected alias defined.
  • Extract the certificates to PEM files for import to a truststore.

In the examples here, useful information in the output has been highlighted to help the reader understand commands with a great deal of output.

Investigating an In-Use Certificate

The following command can be used to extract useful information about the certificate, such as the validity period and chain. If you have not yet installed the root CA or intermediate CA certificates to your client truststore, the output of this command also provides the certificates themselves so they can be saved to file and imported.

$ openssl s_client -connect <HOSTNAME>:<PORT> -showcerts

Example:

$ echo Q | openssl s_client -connect 192.168.1.60:443 -showcerts
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
verify return:1
depth=1 C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
verify return:1
depth=0 C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
verify return:1
---
Certificate chain
 0 s:C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
   i:C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 28 01:59:40 2021 GMT; NotAfter: Jul 16 01:59:40 2026 GMT
-----BEGIN CERTIFICATE-----
[base64 certificate data omitted]
-----END CERTIFICATE-----
 1 s:C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
   i:C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 27 07:27:12 2021 GMT; NotAfter: May 23 07:27:12 2036 GMT
-----BEGIN CERTIFICATE-----
[base64 certificate data omitted]
-----END CERTIFICATE-----
 2 s:C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
   i:C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 27 07:31:17 2021 GMT; NotAfter: May 25 07:31:17 2031 GMT
-----BEGIN CERTIFICATE-----
[base64 certificate data omitted]
-----END CERTIFICATE-----
---
Server certificate
subject=C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
issuer=C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4528 bytes and written 386 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 6B27104B768342BF859DDFA7EEE27EF0C8BCD51E752AFCE313668E8346E9DBB5
    Session-ID-ctx:
    Master-Key: 4C20DA4F0F4B4FD25FA082A300BBCD101AF289C7BF85A22E783F31F0C27629315CE2462D6A088319871824D7FFCD3CAB
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 2c ea e4 6e 20 06 82 93-4f ba 5c 37 03 5e 74 d1   ,..n ...O.\7.^t.
    0010 - 2d c7 92 96 77 fe e1 70-a3 fe 2a 48 4a 24 1e 39   -...w..p..*HJ$.9
    0020 - 6f 6d 5b 81 09 53 01 51-f0 ab d2 62 c4 de a2 43   om[..S.Q...b...C
    0030 - a5 80 00 55 be 78 0b ec-03 f7 69 0b 8a 2a b3 ee   ...U.x....i..*..
    0040 - d3 81 f9 1b 91 a4 cf ca-21 59 33 9b d9 cf e3 f8   ........!Y3.....
    0050 - ad 4f 25 e7 00 dc 94 91-1a 22 3c ed bc 75 83 97   .O%......"<..u..
    0060 - 2d fe 27 5a 95 ca a1 2b-8a 3a 37 03 6a 0b 71 f6   -.'Z...+.:7.j.q.
    0070 - cc 12 f1 b8 36 b0 57 ee-a2 0a 70 a1 5a 78 48 d9   ....6.W...p.ZxH.
    0080 - c9 f6 94 cc b6 16 94 2f-f5 4b 49 22 39 79 af 04   ......./.KI"9y..
    0090 - 62 af 7f 08 9f e8 24 1e-8c 57 07 e3 d2 99 80 a0   b.....$..W......
    00a0 - c7 1a c2 ac 2d 73 5d a5-7e e1 f1 9f 99 7c 8a 88   ....-s].~....|..
    00b0 - 4f d9 d6 5c 7a 38 9a 44-45 b9 dc 8b 84 b4 d6 bf   O..\z8.DE.......
    Start Time: 1699417461
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: yes
---

The example above includes some TLS handshake information that may be useful for troubleshooting TLS issues. Here, however, we are primarily interested in the certificate details.

In the example provided, the chain shows us that:

  • The end entity (server certificate) C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo ...
  • ... was signed by intermediate CA certificate C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
  • ... which was in turn signed by root CA certificate C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
  • The chain is unbroken because every certificate's Issuer also exists in the output.
  • The validity period of the end entity certificate is NotBefore: May 28 01:59:40 2021 GMT; NotAfter: Jul 16 01:59:40 2026 GMT, which here is also the validity period of the whole chain, because it has the latest NotBefore value and the earliest NotAfter value. In some cases a CA certificate expires first, in which case the validity of the chain takes that earliest NotAfter timestamp. Be careful of this when getting a new certificate from a CA that is near the end of its own validity period.
  • You can also see that the end entity certificate (Server public key) is 2048 bit. This is useful to know, as applications may impose a minimum length. 2048 bit is currently the common minimum accepted key length, but there are older CAs still issuing 1024 and even 512 bit keys, which will be rejected by many applications.
  • Finally, if needed, you can extract a certificate. This is most useful for installing CA certificates to a truststore. Simply copy the base64 section beginning with -----BEGIN CERTIFICATE----- (including the dashes as shown) up to and including -----END CERTIFICATE----- and save it to a plain text file with the *.pem extension.
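
The chain reading above can be applied mechanically to saved s_client output. This is an added example, not part of the original article or any Delphix tooling; chain_report and sample_chain are names chosen here, and the input is the chain block from the example output above.

```shell
#!/bin/sh
# chain_report [NOW] < saved-s_client-output    (NOW = UTC YYYYMMDDhhmmss)
# Reads the "Certificate chain" block and prints key=value lines. Needs the
# a:/v: lines that OpenSSL 3.x prints. Compares issuer and subject names only;
# it does not verify signatures.
chain_report() {
  awk -v now="${1:-$(date -u +%Y%m%d%H%M%S)}" '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (k = 1; k <= n; k++) mon[name[k]] = k
    }
    # "May 28 01:59:40 2021 GMT" -> "20210528015940", which sorts by time
    function stamp(s,   f, t) {
      split(s, f, " "); split(f[3], t, ":")
      return sprintf("%04d%02d%02d%02d%02d%02d", f[4], mon[f[1]], f[2], t[1], t[2], t[3])
    }
    /^Certificate chain/  { inchain = 1; next }
    /^Server certificate/ { inchain = 0 }
    !inchain              { next }
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subject[$0] = 1; next }
    /^ *i:/        { sub(/^ *i:/, ""); issuer[$0] = 1; next }
    /^ *a:PKEY:/   {
      sub(/^ *a:PKEY: [^,]*, /, ""); bits = $0 + 0
      if (minbits == 0 || bits < minbits) minbits = bits
      next
    }
    /^ *v:NotBefore: / {
      sub(/^ *v:NotBefore: /, ""); split($0, p, "; NotAfter: ")
      nb = stamp(p[1]); na = stamp(p[2])
      if (from == "" || nb > from) from = nb        # latest NotBefore
      if (until == "" || na < until) until = na     # earliest NotAfter
    }
    END {
      ok = "yes"
      # Every issuer name must also appear as a subject in the output.
      for (d in issuer) if (!(d in subject)) { ok = "no"; print "missing_issuer=" d }
      print "unbroken=" ok
      print "valid_from=" from
      print "valid_until=" until
      print "in_validity=" ((from != "" && now >= from && now <= until) ? "yes" : "no")
      print "min_key_bits=" (minbits + 0)
    }
  '
}

# Chain lines copied from the example output above (certificate bodies left out).
sample_chain() {
cat <<'EOF'
Certificate chain
 0 s:C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
   i:C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 28 01:59:40 2021 GMT; NotAfter: Jul 16 01:59:40 2026 GMT
 1 s:C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
   i:C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 27 07:27:12 2021 GMT; NotAfter: May 23 07:27:12 2036 GMT
 2 s:C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
   i:C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 27 07:31:17 2021 GMT; NotAfter: May 25 07:31:17 2031 GMT
---
Server certificate
EOF
}

sample_chain | chain_report
# Constructed failure case: the intermediate CA entry (lines 10-13) removed.
sample_chain | sed '10,13d' | chain_report
```

Against live output, save the result of the s_client command shown earlier to a file and pass it on standard input.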

 

 

Note:

This output does not show the Subject Alternative Names (SANs) for the certificate. To see them, extract the server certificate to a PEM file as described above and then refer to the PEM section under Investigating a Certificate File below.

Investigating a Certificate File

The methods described below all provide similar output which allows you to investigate all characteristics of a certificate or all certificates in a keystore file. 

PEM

$ openssl x509 -in <FILENAME> -text -nocert

Example

$ openssl x509 -in sapporo.pem -text -nocert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10000001 (0x989681)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
        Validity
            Not Before: May 28 01:59:40 2021 GMT
            Not After : Jul 16 01:59:40 2026 GMT
        Subject: C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c3:55:2c:90:8d:d7:7a:62:c6:3b:7d:46:8d:b2:
                    4e:77:1c:87:0a:12:40:1d:d5:ce:ac:f1:17:ca:12:
                    b7:eb:c6:7d:b3:d7:e2:bf:4f:f6:6e:1d:01:2e:20:
                    2d:d3:10:ca:84:01:8d:21:c3:94:1c:99:99:94:92:
                    b5:38:28:da:99:3d:16:12:33:28:87:53:8d:cc:72:
                    bb:d5:c7:18:6a:92:46:2d:b0:67:ad:af:99:fe:f2:
                    93:22:3f:ed:a6:1e:5a:b4:28:96:ad:bb:d6:a5:26:
                    80:64:ef:4f:e2:25:6b:16:e7:5b:20:87:2b:ff:ff:
                    88:e9:31:c0:d3:58:99:0a:71:5d:51:fc:df:4c:63:
                    a9:92:eb:50:3e:89:3f:02:7b:84:7c:9b:2c:14:97:
                    02:88:e5:3b:05:5f:cb:53:1a:24:d8:ef:60:6e:b3:
                    e2:35:9f:eb:a2:ff:2c:8f:a6:70:d6:e6:31:41:6c:
                    b4:08:8f:23:4e:86:c6:c5:e4:23:af:5c:bd:d8:81:
                    b9:b7:8d:ff:63:c2:b3:ba:07:d3:22:b2:0d:88:df:
                    98:55:9e:0c:2e:ea:78:50:24:8b:39:1a:ff:84:50:
                    b1:c6:2d:fe:df:c8:82:df:29:03:97:48:ee:83:5c:
                    14:8a:05:f6:fe:8a:92:44:1e:9d:23:a9:aa:c3:b4:
                    5c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Comment:
                AC X509 Authority Generated Certificate
            X509v3 Subject Key Identifier:
                8A:5B:29:4C:6F:7E:29:B3:C5:ED:15:01:86:C2:B8:9B:89:B7:60:29
            X509v3 Authority Key Identifier:
                1D:C9:96:85:7E:C8:C8:39:50:29:B1:A1:94:72:AA:8B:11:12:79:72
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://ca.Delphix.com/web.ca.Delphix.com.crl
                Full Name:
                  URI:http://ca.Delphix.com/b-x509/crls/web.ca.Delphix.com.crl
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            X509v3 Subject Alternative Name:
                DNS:sapporo.lan.Delphix.com, DNS:admin.sapporo.lan.Delphix.com
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        8a:78:ce:ee:97:34:f0:47:72:9c:0e:fd:b0:0d:31:f3:d7:9d:
        b7:b4:0f:3a:38:45:68:81:b5:c6:65:1d:5b:90:af:75:62:9a:
        71:a3:4b:91:9c:80:4f:fa:4e:e7:c8:4d:cf:07:6f:2b:9b:02:
        41:a1:24:e1:4b:45:d3:d9:1c:28:4f:2a:4e:a1:ee:7d:dd:db:
        ff:c0:fc:59:99:ef:66:d4:ff:9a:9c:62:02:06:f2:79:03:b6:
        ad:74:e4:59:1e:5d:ea:c1:98:bc:62:ab:44:a6:b7:37:e7:a7:
        f7:40:b1:fa:af:6b:c2:d2:9f:e6:b5:de:99:cf:8b:f1:79:58:
        59:17:60:20:0e:20:bc:84:db:19:b1:95:de:39:78:e6:cf:55:
        0e:f7:95:c4:21:56:5f:64:49:4c:74:a2:46:46:a7:ef:e7:13:
        6d:05:dd:a7:97:75:fb:42:bd:db:83:0f:ad:1e:b4:b0:79:d6:
        12:a7:2c:2f:69:bd:94:94:3b:27:68:d7:3c:6f:41:81:f7:8d:
        e7:9c:a3:fe:34:b8:a7:d0:5b:35:6e:d8:1e:6e:3a:f1:0a:c2:
        5d:c4:ae:da:c8:c1:32:9a:0d:5f:ad:36:c7:40:32:45:2b:9c:
        db:b8:e3:76:65:b8:fb:b3:40:88:68:af:2e:2b:11:b0:ec:eb:
        c2:41:04:4d
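
The SAN and common name checks from the Summary can be run against this output. This is an added example, not part of the original article; name_coverage and sample_text are names chosen here, and the input is an excerpt of the output above.

```shell
#!/bin/sh
# name_coverage NAME < saved "openssl x509 -text" output
# Prints how the name a client connects with is covered by the certificate:
#   san      listed in Subject Alternative Name
#   cn-only  matches only the subject CN (clients that follow RFC 6125
#            ignore the CN once a DNS SAN is present)
#   none     appears in neither
name_coverage() {
  awk -v host="$1" '
    BEGIN { host = tolower(host) }
    /^ *Subject: / && match($0, /CN *= *[^,]+/) {
      cn = substr($0, RSTART, RLENGTH); sub(/^CN *= */, "", cn)
      if (tolower(cn) == host) in_cn = 1
    }
    # The SAN entries are on the line after the extension name.
    /X509v3 Subject Alternative Name:/ && (getline entries) > 0 {
      n = split(entries, e, ",")
      for (k = 1; k <= n; k++) {
        v = e[k]; sub(/^ +/, "", v)
        # Exact, case-insensitive comparison; wildcard entries are not expanded.
        if ((sub(/^DNS:/, "", v) || sub(/^IP Address:/, "", v)) && tolower(v) == host)
          in_san = 1
      }
    }
    END { print (in_san ? "san" : (in_cn ? "cn-only" : "none")) }
  '
}

# Excerpt of the example output above.
sample_text() {
cat <<'EOF'
        Issuer: C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com
        Subject: C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
        Subject Public Key Info:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:sapporo.lan.Delphix.com, DNS:admin.sapporo.lan.Delphix.com
EOF
}

# The FQDNs are covered; the short name matches the CN only; the IP address
# used in the s_client example earlier is not listed at all.
for name in sapporo.lan.delphix.com admin.sapporo.lan.Delphix.com sapporo 192.168.1.60; do
  printf '%s\t%s\n' "$name" "$(sample_text | name_coverage "$name")"
done
```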

JKS

 

Note:

You must have Java installed. JKS files created with newer versions of Java may fail to open correctly in older versions of Java.

 

$ keytool -keystore <FILENAME> -list -v

Example

$ keytool -keystore myKeystore.jks -list -v
Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: tomcat
Creation date: 08-Nov-2023
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=sapporo, L=Sapporo, OU=Security, O=Delphix, ST=Hokkaido, C=JA
Issuer: EMAILADDRESS=noreply@delphix.com, CN=web.ca.Delphix.com, L=Sapporo, OU=Security, O=Delphix, ST=Hokkaido, C=JA
Serial number: 989681
Valid from: Fri May 28 01:59:40 UTC 2021 until: Thu Jul 16 01:59:40 UTC 2026
Certificate fingerprints:
         MD5:  E0:24:E2:C9:1F:C3:80:17:E3:28:DA:41:E4:20:E4:40
         SHA1: 9E:9A:4E:EE:05:96:B1:AD:FE:9F:A6:F2:CD:C5:0E:7B:21:22:60:D5
         SHA256: 79:B2:09:E1:F9:0D:3B:C0:2B:AF:91:4A:76:91:52:AE:BB:92:0A:BE:27:35:57:7F:9D:9A:5D:E5:D0:27:9D:FD
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 27 41 43 20 58 35 30   39 20 41 75 74 68 6F 72  .'AC X509 Author
0010: 69 74 79 20 47 65 6E 65   72 61 74 65 64 20 43 65  ity Generated Ce
0020: 72 74 69 66 69 63 61 74   65                       rtificate


#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1D C9 96 85 7E C8 C8 39   50 29 B1 A1 94 72 AA 8B  .......9P)...r..
0010: 11 12 79 72                                        ..yr
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://ca.Delphix.com/web.ca.Delphix.com.crl]
, DistributionPoint:
     [URIName: http://ca.Delphix.com/b-x509/crls/web.ca.Delphix.com.crl]
]]

#5: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL server
]

#6: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: sapporo.lan.Delphix.com
  DNSName: admin.sapporo.lan.Delphix.com
]

#7: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8A 5B 29 4C 6F 7E 29 B3   C5 ED 15 01 86 C2 B8 9B  .[)Lo.).........
0010: 89 B7 60 29                                        ..`)
]
]

Certificate[2]:
Owner: EMAILADDRESS=noreply@delphix.com, CN=web.ca.Delphix.com, L=Sapporo, OU=Security, O=Delphix, ST=Hokkaido, C=JA
Issuer: EMAILADDRESS=noreply@delphix.com, CN=root.ca.Delphix.com, OU=Security, O=Delphix, L=Sapporo, ST=Hokkaido, C=JA
Serial number: 989680
Valid from: Thu May 27 07:31:17 UTC 2021 until: Sun May 25 07:31:17 UTC 2031
Certificate fingerprints:
         MD5:  F4:F6:05:B5:32:A8:87:D9:CD:AC:4F:0A:F9:47:7C:DB
         SHA1: 22:8B:78:C6:1D:92:1F:2A:CB:4E:C2:3E:6D:47:5A:2C:B7:4D:90:E6
         SHA256: 3F:16:1E:90:F1:17:C4:1F:4A:75:C6:92:6B:A1:9C:E1:58:D1:72:0E:7E:47:37:01:1A:9E:E5:E0:8A:7E:A5:A4
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 27 41 43 20 58 35 30   39 20 41 75 74 68 6F 72  .'AC X509 Author
0010: 69 74 79 20 47 65 6E 65   72 61 74 65 64 20 43 65  ity Generated Ce
0020: 72 74 69 66 69 63 61 74   65                       rtificate


#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 66 BA F8 37 0D 64 9C 61   A2 CE 5E FB 17 1F 13 5B  f..7.d.a..^....[
0010: 1F 06 79 46                                        ..yF
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://ca.Delphix.com/root.ca.Delphix.com.crl]
, DistributionPoint:
     [URIName: http://ca.Delphix.com/b-x509/crls/root.ca.Delphix.com.crl]
]]

#5: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL server
   Object Signing
]

#6: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: web.ca.Delphix.com
]

#7: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1D C9 96 85 7E C8 C8 39   50 29 B1 A1 94 72 AA 8B  .......9P)...r..
0010: 11 12 79 72                                        ..yr
]
]

Certificate[3]:
Owner: EMAILADDRESS=noreply@delphix.com, CN=root.ca.Delphix.com, OU=Security, O=Delphix, L=Sapporo, ST=Hokkaido, C=JA
Issuer: EMAILADDRESS=noreply@delphix.com, CN=root.ca.Delphix.com, OU=Security, O=Delphix, L=Sapporo, ST=Hokkaido, C=JA
Serial number: 15cc639928e61353272811a02361b88fd62affc7
Valid from: Thu May 27 07:27:12 UTC 2021 until: Fri May 23 07:27:12 UTC 2036
Certificate fingerprints:
         MD5:  3B:A3:2D:11:A6:BD:32:A6:AC:EF:D4:AD:AC:A1:17:30
         SHA1: 0D:1E:48:DE:B0:1B:07:EA:84:C6:8E:92:63:A6:A4:4B:68:75:F5:45
         SHA256: 92:C8:EB:2B:DE:0E:4C:0B:B1:F1:DE:07:82:46:78:CA:6A:61:49:48:43:94:37:BF:08:AC:1A:16:32:26:69:D5
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 27 41 43 20 58 35 30   39 20 41 75 74 68 6F 72  .'AC X509 Author
0010: 69 74 79 20 47 65 6E 65   72 61 74 65 64 20 43 65  ity Generated Ce
0020: 72 74 69 66 69 63 61 74   65                       rtificate


#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 66 BA F8 37 0D 64 9C 61   A2 CE 5E FB 17 1F 13 5B  f..7.d.a..^....[
0010: 1F 06 79 46                                        ..yF
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://ca.Delphix.com/root.ca.Delphix.com.crl]
, DistributionPoint:
     [URIName: http://ca.Delphix.com/b-x509/crls/root.ca.Delphix.com.crl]
]]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 66 BA F8 37 0D 64 9C 61   A2 CE 5E FB 17 1F 13 5B  f..7.d.a..^....[
0010: 1F 06 79 46                                        ..yF
]
]


*******************************************
*******************************************

PKCS#12 and PFX

 

Note:

PFX files are the Microsoft implementation of the PKCS#12 keystore format, and the two are broadly compatible with each other.

 

$ openssl pkcs12 -in <FILENAME> -info

Example

$ openssl pkcs12 -in sapporo.p12 -info
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    friendlyName: tomcat
    localKeyID: 9E 9A 4E EE 05 96 B1 AD FE 9F A6 F2 CD C5 0E 7B 21 22 60 D5
subject=C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo

issuer=C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com

-----BEGIN CERTIFICATE-----
[base64 certificate data omitted]
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
    friendlyName: root
subject=C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com

issuer=C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com

-----BEGIN CERTIFICATE-----
MIIE9DCCA9ygAwIBAgIUFcxjmSjmE1MnKBGgI2G4j9Yq/8cwDQYJKoZIhvcNAQEL
BQAwgaQxCzAJBgNVBAYTAkpBMREwDwYDVQQIEwhIb2trYWlkbzEQMA4GA1UEBxMH
U2FwcG9ybzETMBEGA1UEChMKQXNpYUNvbXRlazERMA8GA1UECxMIU2VjdXJpdHkx
HzAdBgNVBAMTFnJvb3QuY2EuYXNpYWNvbXRlay5jb20xJzAlBgkqhkiG9w0BCQEW
GGRldmVsb3BlckBhc2lhY29tdGVrLmNvbTAeFw0yMTA1MjcwNzI3MTJaFw0zNjA1
MjMwNzI3MTJaMIGkMQswCQYDVQQGEwJKQTERMA8GA1UECBMISG9ra2FpZG8xEDAO
BgNVBAcTB1NhcHBvcm8xEzARBgNVBAoTCkFzaWFDb210ZWsxETAPBgNVBAsTCFNl
Y3VyaXR5MR8wHQYDVQQDExZyb290LmNhLmFzaWFjb210ZWsuY29tMScwJQYJKoZI
hvcNAQkBFhhkZXZlbG9wZXJAYXNpYWNvbXRlay5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDBb183J7we/p25DbllcjCWvLiauv14+zqrXehvvvHs
Gx1bVvW5KQW6ZZU4BoCqFpagj5h5iZjWBx2+zPjU093B49UmFV5WJU991gbnYK1E
YcChCzuq5E3wItXISQKzQK6Ug3g8cQ7GlWYwWuuZ8Q5LbkEkxk5P144ocQoZ+5Ki
LkOEwb7D62W5DLqufQtF7r3XNalkrLDtkudhotS/GW2EdnblSw/6WjVoAVZyEu8c
I52u31BlB1giZOY2+Hqgvn54PGNw80YGgUo62Zsmw+RzmrMiu9MVf9z0elhUuopX
Vrf1Wzw0ByF0tDoTNFxqlGXSX30KdP9HL7GJhM0TWsyjAgMBAAGjggEaMIIBFjA2
BglghkgBhvhCAQ0EKRYnQUMgWDUwOSBBdXRob3JpdHkgR2VuZXJhdGVkIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBRmuvg3DWScYaLOXvsXHxNbHwZ5RjAfBgNVHSMEGDAW
gBRmuvg3DWScYaLOXvsXHxNbHwZ5RjAMBgNVHRMEBTADAQH/MIGNBgNVHR8EgYUw
gYIwOaA3oDWGM2h0dHA6Ly9jYS5hc2lhY29tdGVrLmNvbS9yb290LmNhLmFzaWFj
b210ZWsuY29tLmNybDBFoEOgQYY/aHR0cDovL2NhLmFzaWFjb210ZWsuY29tL2It
eDUwOS9jcmxzL3Jvb3QuY2EuYXNpYWNvbXRlay5jb20uY3JsMA0GCSqGSIb3DQEB
CwUAA4IBAQAy9S8VBtyaejRcCTxKgfclLh9tMfqtHAHSYsicXsYKjwFBJw0UzI3q
En7EKNdrsSJxlaTqLmHgMYjP3emp0FkgOITz/A7RqL1uvyQ4/w9AZMlRpq8WVmCS
jUYwV5Rv6YZMhuXTWYEiOP4pq41IyeKpbwW0eSiu2cqByOUBBpkdFNbmXAe2JZnC
FJrEJ2PGz92Re0sH+DwcJztG7ouzl2pna50jyRnznaF1g0/e9UqsB1a90WzHfI4k
dmCvAUGfoG5qvtftdOhDLKtLgoCiIztCR90jTajrJ6z1+3suSHcCS+L3J2NslRO1
2yfWY+hb48rzMu4tJGOSgSvMp/I3RxLL
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
    friendlyName: intermediate1
subject=C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = web.ca.Delphix.com, emailAddress = noreply@delphix.com

issuer=C = JA, ST = Hokkaido, L = Sapporo, O = Delphix, OU = Security, CN = root.ca.Delphix.com, emailAddress = noreply@delphix.com

-----BEGIN CERTIFICATE-----
[base64 certificate data omitted]
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    friendlyName: tomcat
    localKeyID: 9E 9A 4E EE 05 96 B1 AD FE 9F A6 F2 CD C5 0E 7B 21 22 60 D5
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIPBgNVBAgTCEhva2thaWRvMRAwDgYDVQQHEwdTYXBwb3JvMRMwEQYDVQQK
EwpBc2lhQ29tdGVrMREwDwYDVQQLEwhTZWN1cml0eTEfMB0GA1UEAxMWcm9vdC5j
YS5hc2lhY29tdGVrLmNvbTEnMCUGCSqGSIb3DQEJARYYZGV2ZWxvcGVyQGFzaWFj
b210ZWsuY29tMB4XDTIxMDUyNzA3MzExN1oXDTMxMDUyNTA3MzExN1owgaMxCzAJ
BgNVBAYTAkpBMREwDwYDVQQIEwhIb2trYWlkbzETMBEGA1UEChMKQXNpYUNvbXRl
azERMA8GA1UECxMIUSCOOBYDOONOTAREALKEYFOOBARhcHBvcm8xHjAcBgNVBAMT
FXdlYi5jYS5hc2lhY29tdGVrLmNvbTEnMCUGCSqGSIb3DQEJARYYZGV2ZWxvcGVy
QGFzaWFjb210ZWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
sX//eexqIg0WCxBzkQk5ArCHgyrAqdsXX8oXbaEGTjPTGyqP/JuNTDH4J+vK8zP0
3SmJ9cicZtv1oTcSqG0sdAK/M2Lh4F4VaXQZP4x0NCynz2F2ieIqB2DJyHV201ym
u+aGHCPdfWdxYgkbFFupmLJ54xLVsTACrD5eB8sd8Io2qNvnsz/tiFoXbyQ8AYbk
MUKpa3Jdg4Kg/M9x05fBTMtAgdg8TP14E6GId4eoYBx7twi/eEgb3iLThgamb6/F
/R6w9HyAzQnVqey+f719dHKoY00b8ggXnyz1+8sX+ouhvb91ndsWpms7xU2Z57QW
vfnO8HBhpfFGb4FB/nSc7QIDAQABo4IBTzCCAUswNgYJYIZIAYb4QgENBCkWJ0FD
IFg1MDkgQXV0aG9yaXR5IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
HcmWhX7IyDlQKbGhlHKqixESeXIwHwYDVR0jBBgwFoAUZrr4Nw1knGGizl77Fx8T
Wx8GeUYwgY0GA1UdHwSBhTCBgjA5oDegNYYzaHR0cDovL2NhLmFzaWFjb210ZWsu
Y29tL3Jvb3QuY2EuYXNpYWNvbXRlay5jb20uY3JsMEWgQ6BBhj9odHRwOi8vY2Eu
YXNpYWNvbXRlay5jb20vYi14NTA5L2NybHMvcm9vdC5jYS5hc2lhY29tdGVrLmNv
bS5jcmwwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEEBAMCBFAwIAYDVR0RBBkw
F4IVd2ViLmNhLmFzaWFjb210ZWsuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCmx8Zk
kSl9Hj+HBALYCuM9wE3bOAH9r/z35wuFXm9gH5yPHT7Nk4emRMkLBcTeJQERmH4s
JYmENoBFidaHyZ4pjBggpuWIwbVmeixWrX4u9u8b2Hqt0Oek0xI/rBie/91dZVKG
irDggtDkdYdWH/B+UhH/n3FScD3WRBIJoNFaVwBV1ZZTgpEXj3myEH7/D5JiQ/Mq
lxkncEl/GixVsNFaX5pTPH4kY8fybF7P61OXpODA3wRm4N6rnPPKqTOfRda4IDBN
vg4gqJiONJKaZjGSpkuY1DsxDUtZiAYo8gLzY756keWszhBHyYkmSZbO97QcbGDv
/7CwNhcJmW6E5510mg==
-----END ENCRYPTED PRIVATE KEY-----

Unlike the JKS format, the PKCS#12 container does not extract and store the metadata for attributes such as SANs, validity periods, or other details. To see these, you need to pass the raw PEM sections for the public and private keys to openssl. Simply copy each base64 section beginning with -----BEGIN CERTIFICATE----- (including the dashes as shown) up to and including -----END CERTIFICATE----- and save it to a plain text file with the *.pem extension. It is not usually required to extract and investigate private keys.
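
The copy-and-save step described here, and in the in-use certificate section earlier, can be scripted. This is an added example, not part of the original article; split_pem and sample_bags are names chosen here, and the sample input is constructed with placeholder text in place of real base64 data.

```shell
#!/bin/sh
# split_pem PREFIX < saved "openssl pkcs12 -info" or "s_client -showcerts" output
# Writes each certificate block to PREFIX-<n>.pem and prints one line per file:
# the file name, a tab, and the friendlyName (alias) seen before the block,
# or "-" when there was none. Private key blocks are never written.
split_pem() {
  awk -v prefix="$1" '
    /^ *friendlyName: / { alias = $0; sub(/^ *friendlyName: /, "", alias) }
    /^-----BEGIN CERTIFICATE-----$/ { n++; out = prefix "-" n ".pem" }
    out != "" { print > out }
    /^-----END CERTIFICATE-----$/ && out != "" {
      close(out)
      print out "\t" (alias == "" ? "-" : alias)
      out = ""; alias = ""
    }
  '
}

# Constructed sample in the shape of the pkcs12 output above; the bodies are
# placeholders, not real certificates or keys.
sample_bags() {
cat <<'EOF'
Certificate bag
Bag Attributes
    friendlyName: tomcat
subject=C = JA, ST = Hokkaido, O = Delphix, OU = Security, L = Sapporo, CN = sapporo
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERNOTAREALCERTIFICATE0001
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
    friendlyName: root
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERNOTAREALCERTIFICATE0002
-----END CERTIFICATE-----
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    friendlyName: tomcat
-----BEGIN ENCRYPTED PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END ENCRYPTED PRIVATE KEY-----
EOF
}

dir=$(mktemp -d)
sample_bags | split_pem "$dir/cert"
# With real input, each file can then be inspected as in the PEM section:
#   openssl x509 -in "$dir/cert-1.pem" -text -nocert
rm -rf "$dir"
```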
 
