ssh-certview-g3 — certificate viewer
The ssh-certview-g3 program (ssh-certview-g3.exe on Windows) is a simple command-line application, capable of decoding and showing X.509 certificates, CRLs, and certification requests. The command output is written to the standard output.
The following options are available:
-h
Displays a short help.
-verbose
Gives more diagnostic output.
-quiet
Gives no diagnostic output.
-auto
The next input file type is auto-detected (default).
-cert
The next input file is a certificate.
-certpair
The next input file is a cross-certificate pair.
-crmf
The next input file is a CRMF certification request.
-req
The next input file is a PKCS #10 certification request.
-crl
The next input file is a CRL.
-prv
The next input file is a private key.
-pkcs12
The next input file is a PKCS#12 package.
-ssh2
The next input file is an SSH2 public key.
-spkac
The next input file is a Netscape-generated SPKAC request.
-noverify
Does not check the validity of the signature on the input certificate.
-autoenc
Determines PEM/DER automatically (default).
-pem
Assumes that the input file is in PEM (ASCII base-64) format. This option allows both actual PEM (with headers and footers), and plain base-64 (without headers and footers). An example of PEM header and footer is shown below:
-----BEGIN CERTIFICATE-----
encoded data
-----END CERTIFICATE-----
-der
Assumes that the input file is in DER format.
-hexl
Assumes that the input file is in Hexl format. (Hexl is a common Unix tool for outputting binary files in a certain hexadecimal representation.)
-skip number
Skips number bytes from the beginning of input before trying to decode. This is useful if the file contains some garbage before the actual contents.
-ldap
Prints names in LDAP order.
-utf8
Prints names in UTF-8.
-latin1
Prints names in ISO-8859-1.
-base10
Outputs big numbers in base-10 (default).
-base16
Outputs big numbers in base-16.
-base64
Outputs big numbers in base-64.
-width number
Sets output width (number characters).
For example, using a certificate downloaded from pki.ssh.com, when the following command is given:
$ ssh-certview-g3 -width 70 ca-certificate.cer
The following output is produced:
Certificate =
  SubjectName = <C=FI, O=SSH Communications Security Corp, CN=Secure Shell Test CA>
  IssuerName = <C=FI, O=SSH Communications Security Corp, CN=Secure Shell Test CA>
  SerialNumber= 34679408
  SignatureAlgorithm = rsa-pkcs1-sha1
  Certificate seems to be self-signed.
    * Signature verification success.
  Validity =
    NotBefore = 2003 Dec 3rd, 08:04:27 GMT
    NotAfter = 2005 Dec 2nd, 08:04:27 GMT
  PublicKeyInfo =
    PublicKey =
      Algorithm name (SSH) : if-modn{sign{rsa-pkcs1-md5}}
      Modulus n (1024 bits) :
        9635680922805930263476549641957998756341022541202937865240553
        9374740946079473767424224071470837728840839320521621518323377
        3593102350415987252300817926769968881159896955490274368606664
        0759644131690750532665266218696466060377799358036735475902257
        6086098562919363963470926690162744258451983124575595926849551
        903
      Exponent e ( 17 bits) :
        65537
  Extensions =
    Available = authority key identifier, subject key identifier, key usage(critical), basic constraints(critical), authority information access
    KeyUsage = DigitalSignature KeyEncipherment KeyCertSign CRLSign [CRITICAL]
    BasicConstraints =
      PathLength = 0
      cA = TRUE
      [CRITICAL]
    AuthorityKeyID =
      KeyID =
        eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
    SubjectKeyID =
      KeyId =
        eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
    AuthorityInfoAccess =
      AccessMethod = 1.3.6.1.5.5.7.48.1
      AccessLocation =
        Following names detected =
          URI (uniform resource indicator)
        Viewing specific name types =
          URI = http://pki.ssh.com:8090/ocsp-1/
  Fingerprints =
    MD5 = c7:af:e5:3d:f6:ea:ce:da:07:93:d0:06:8d:c0:0a:f8
    SHA-1 = 27:d7:19:47:7c:08:3e:1a:27:4b:68:8e:18:83:e8:f9:23:e8:29:85
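To cross-check a viewer's result independently, the following added Python example (not part of ssh-certview-g3 or its documentation) normalises input the way the -autoenc, -pem, -der and -skip descriptions above distinguish it, then prints digests in the colon-separated form of the Fingerprints block. It assumes the fingerprints are digests of the complete DER encoding; the function names and the sample bytes are constructed for illustration, and the tool's own detection logic is not documented on this page.

```python
import base64
import binascii
import hashlib
import re

# Constructed 8-byte DER SEQUENCE used as stand-in input (not a real certificate).
SAMPLE_DER = bytes.fromhex("3006020402112a70")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 #]+)-----(.*?)-----END \1-----", re.DOTALL)


def check_der(der: bytes) -> bytes:
    """Validate the outer SEQUENCE header; return exactly that object."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        head, length = 2, der[1]
    else:                                  # long form: n length bytes follow
        n = der[1] & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        head, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if len(der) < head + length:
        raise ValueError("truncated DER object")
    return der[:head + length]             # drop any trailing bytes


def to_der(data: bytes, skip: int = 0) -> bytes:
    """Return DER from PEM, plain base-64 or DER input after dropping skip bytes."""
    data = data[skip:]
    armored = PEM_RE.search(data)
    if armored:                            # PEM with header and footer
        body = armored.group(2)
    elif data[:1] == b"\x30":              # raw DER
        return check_der(data)
    else:                                  # plain base-64, no header/footer
        body = data
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("input is not PEM, base-64 or DER") from exc
    return check_der(der)


def fingerprints(der: bytes) -> dict:
    """MD5 and SHA-1 digests of the DER bytes, colon-separated hex."""
    return {"MD5": hashlib.md5(der).digest().hex(":"),
            "SHA-1": hashlib.sha1(der).digest().hex(":")}


if __name__ == "__main__":
    print(fingerprints(to_der(SAMPLE_DER)))
```

Because every input form is reduced to the same DER bytes before hashing, a PEM copy and a DER copy of one certificate give identical fingerprints; a mismatch means the files differ.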