Skip to main content

Display information in a certificate file using the script in FairCom Certificate Manager


Display information in a certificate file using the script in FairCom certificate manager

Displays certificate and private key information in a PEM file.


Run the Python script without command-line arguments, and it will prompt you for the following information:

Welcome to FairCom's Certificate Information Program

Enter the location of the file to inspect (or 'x' to exit): __________

If the file contains a password-protected RSA key, enter that password:__________

Key #: 1
  Modulus hash: 969db60634c9a482bd3e9095f210cd5a5df76c530f9b1ed1e5ef2a85
  Private key bits: 4096

Certificate #: 2
  Modulus hash: 969db60634c9a482bd3e9095f210cd5a5df76c530f9b1ed1e5ef2a85
  Public key bits: 4096
    C: US
    CN: adamh-dt-2019
    L: Sandy
    O: FairCom
    ST: Utah
    C: US
    CN: FairCom Private Certificate Authority
    L: Sandy
    O: FairCom
    ST: Utah
  Serial Number: 20231004152528002138000000001
  Valid From (UTC): 2023-09-05 16:11:47
  Valid Until (UTC): 2024-10-05 02:11:47
  Public key algorithm: sha256
  TLS Version.v3
  Extension information:
    Extension name: Subject Alternative Name
      Critical: False
      DNSName: MyPC
      DNSName: localhost
    Extension name: Basic Constraints
      Critical: True
      CA: False
    Extension name: Key Usage
      Critical: True
      Digital signature: True
      Key encipherment: True
    Extension name: Extended Key Usage
      Critical: True
      Extended key uses:
        Server auth

Press ENTER to exit


Run the Python script with command-line parameters:

python --filePath "/certificates/myCertificate.pem"

Command-line options

usage: [-h]

Welcome to FairCom's Certificate Information Program

This program optionally takes one parameter: the full path to the certificate file to inspect. 
For example:
  python /certificates/myCertificate.pem
  • This script shows information about keys and certificates. Because it is common for multiple keys and certificates to be included inside a single file, this script attempts to find every block of cryptographic data, parse that block, and display information about it.

  • You can also use the OpenSSL CLI to inspect certificates:

    openssl x509 -noout -text -in ca.crt
    • The openSSL command displays additional information that you might find useful:

      • Version: 3 (0x2)

        This line shows that the certificate is TLS version 1.3.

      • Subject: C=US, ST=Missouri, L=Columbia, O=Example, OU=IT, CN=Example Private Certificate Authority

        This line shows the information you entered at the prompts.

      • Public Key Algorithm: rsaEncryption

        This line shows that the key was created using the RSA algorithm.

      • Public-Key: (4096 bit)

        This line shows that the key was created using 4096 bits of entropy.

      • X509v3 extensions:
                    X509v3 Basic Constraints: critical
                        CA:TRUE, pathlen:0
                    X509v3 Key Usage: critical
                        Certificate Sign, CRL Sign

        These lines show that the key pair was created to be a CA key pair and that the roles it is meant for are signing certificates and signing Certificate Revocation Lists (CRLs).