| | |
| ||
| ||
     |
ssh-certview-g3 — certificate viewer
The ssh-certview-g3 program (ssh-certview-g3.exe on Windows) is a simple command-line application, capable of decoding and showing X.509 certificates, CRLs, and certification requests. The command output is written to the standard output.
The following options are available:
-hDisplays a short help.
-verboseGives more diagnostic output.
-quietGives no diagnostic output.
-autoThe next input file type is auto-detected (default).
-certThe next input file is a certificate.
-certpairThe next input file is a cross-certificate pair.
-crmfThe next input file is a CRMF certification request.
-reqThe next input file is a PKCS #10 certification request.
-crlThe next input file is a CRL.
-prvThe next input file is a private key.
-pkcs12The next input file is a PKCS#12 package.
-ssh2The next input file is an SSH2 public key.
-spkacThe next input file is a Netscape-generated SPKAC request.
-noverifyDoes not check the validity of the signature on the input certificate.
-autoencDetermines PEM/DER automatically (default).
-pemAssumes that the input file is in PEM (ASCII base-64) format. This option allows both actual PEM (with headers and footers), and plain base-64 (without headers and footers). An example of PEM header and footer is shown below:
-----BEGIN CERTIFICATE----- encoded data -----END CERTIFICATE-----
-derAssumes that the input file is in DER format.
-hexlAssumes that the input file is in Hexl format. (Hexl is a common Unix tool for outputting binary files in a certain hexadecimal representation.)
-skip numberSkips number bytes from the beginning of input before trying to
decode. This is useful if the file contains some garbage before the
actual contents.
-ldapPrints names in LDAP order.
-utf8Prints names in UTF-8.
-latin1Prints names in ISO-8859-1.
-base10Outputs big numbers in base-10 (default).
-base16Outputs big numbers in base-16.
-base64Outputs big numbers in base-64.
-width numberSets output width (number characters).
For example, using a certificate downloaded from pki.ssh.com,
when the following command is given:
$ ssh-certview-g3 -width 70 ca-certificate.cer
The following output is produced:
Certificate =
SubjectName = <C=FI, O=SSH Communications Security Corp, CN=Secure
Shell Test CA>
IssuerName = <C=FI, O=SSH Communications Security Corp, CN=Secure
Shell Test CA>
SerialNumber= 34679408
SignatureAlgorithm = rsa-pkcs1-sha1
Certificate seems to be self-signed.
* Signature verification success.
Validity =
NotBefore = 2003 Dec 3rd, 08:04:27 GMT
NotAfter = 2005 Dec 2nd, 08:04:27 GMT
PublicKeyInfo =
PublicKey =
Algorithm name (SSH) : if-modn{sign{rsa-pkcs1-md5}}
Modulus n (1024 bits) :
9635680922805930263476549641957998756341022541202937865240553
9374740946079473767424224071470837728840839320521621518323377
3593102350415987252300817926769968881159896955490274368606664
0759644131690750532665266218696466060377799358036735475902257
6086098562919363963470926690162744258451983124575595926849551
903
Exponent e ( 17 bits) :
65537
Extensions =
Available = authority key identifier, subject key identifier, key
usage(critical), basic constraints(critical), authority
information access
KeyUsage = DigitalSignature KeyEncipherment KeyCertSign CRLSign
[CRITICAL]
BasicConstraints =
PathLength = 0
cA = TRUE
[CRITICAL]
AuthorityKeyID =
KeyID =
eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
SubjectKeyID =
KeyId =
eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
AuthorityInfoAccess =
AccessMethod = 1.3.6.1.5.5.7.48.1
AccessLocation =
Following names detected =
URI (uniform resource indicator)
Viewing specific name types =
URI = http://pki.ssh.com:8090/ocsp-1/
Fingerprints =
MD5 = c7:af:e5:3d:f6:ea:ce:da:07:93:d0:06:8d:c0:0a:f8
SHA-1 =
27:d7:19:47:7c:08:3e:1a:27:4b:68:8e:18:83:e8:f9:23:e8:29:85
| |
Copyright 
2008 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Contact Information