certinfo.py

Display information in a certificate file using the `certinfo.py` script in FairCom Certificate Manager

Abstract

Display information in a certificate file using the certinfo.py script in FairCom certificate manager

Displays certificate and private key information in a PEM file.

Easy

Run the Python script certinfo.py without command-line arguments, and it will prompt you for the following information:

File name of the PEM file.
Optional password of an encrypted private key in the file.

Welcome to FairCom's Certificate Information Program

Enter the location of the file to inspect (or 'x' to exit): __________

If the file contains a password-protected RSA key, enter that password:__________

Key #: 1
  Modulus hash: 969db60634c9a482bd3e9095f210cd5a5df76c530f9b1ed1e5ef2a85
  Private key bits: 4096

Certificate #: 2
  Modulus hash: 969db60634c9a482bd3e9095f210cd5a5df76c530f9b1ed1e5ef2a85
  Public key bits: 4096
  Subject:
    C: US
    CN: adamh-dt-2019
    L: Sandy
    O: FairCom
    ST: Utah
  Issuer:
    C: US
    CN: FairCom Private Certificate Authority
    L: Sandy
    O: FairCom
    ST: Utah
  Serial Number: 20231004152528002138000000001
  Valid From (UTC): 2023-09-05 16:11:47
  Valid Until (UTC): 2024-10-05 02:11:47
  Public key algorithm: sha256
  TLS Version.v3
  Extension information:
    Extension name: Subject Alternative Name
      Critical: False
      DNSName: MyPC
      DNSName: mypc.example.com
      IPAddress: 10.250.250.42
      IPAddress: 127.0.0.1
      DNSName: localhost
    Extension name: Basic Constraints
      Critical: True
      CA: False
    Extension name: Key Usage
      Critical: True
      Digital signature: True
      Key encipherment: True
    Extension name: Extended Key Usage
      Critical: True
      Extended key uses:
        Server auth

Press ENTER to exit

Advanced

Run the Python script certinfo.py with command-line parameters:

python certinfo.py --filePath "/certificates/myCertificate.pem"

Command-line options

usage: certinfo.py [-h]

Welcome to FairCom's Certificate Information Program

This program optionally takes one parameter: the full path to the certificate file to inspect. 
For example:
  python certinfo.py /certificates/myCertificate.pem

More information

This script shows information about keys and certificates. Because it is common for multiple keys and certificates to be included inside a single file, this script attempts to find every block of cryptographic data, parse that block, and display information about it.
You can also use the OpenSSL CLI to inspect certificates:
```
openssl x509 -noout -text -in ca.crt
```
- The openSSL command displays additional information that you might find useful:
  - Version: 3 (0x2)
    This line shows that the certificate is TLS version 1.3.
  - Subject: C=US, ST=Missouri, L=Columbia, O=Example, OU=IT, CN=Example Private Certificate Authority
    This line shows the information you entered at the prompts.
  - Public Key Algorithm: rsaEncryption
    This line shows that the key was created using the RSA algorithm.
  - Public-Key: (4096 bit)
    This line shows that the key was created using 4096 bits of entropy.
  - X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Key Usage: critical Certificate Sign, CRL Sign
    These lines show that the key pair was created to be a CA key pair and that the roles it is meant for are signing certificates and signing Certificate Revocation Lists (CRLs).