certinfo.py
Display information in a certificate file using the certinfo.py script in FairCom Certificate Manager
Displays certificate and private key information in a PEM file.
Easy
Run the Python script certinfo.py without command-line arguments, and it will prompt you for the following information:
File name of the file containing PEM or PKCS12 data.
Optional password of an encrypted private key in the file.
    Welcome to FairCom's Certificate Information Program
    Enter the location of the file to inspect (or 'x' to exit): __________

    Key #: 1
      Modulus hash: 969db60634c9a482bd3e9095f210cd5a5df76c530f9b1ed1e5ef2a85
      Private key bits: 4096

    Certificate #: 2
      Modulus hash: 969db60634c9a482bd3e9095f210cd5a5df76c530f9b1ed1e5ef2a85
      Public key bits: 4096
      Subject:
        C: US
        CN: adamh-dt-2019
        L: Sandy
        O: FairCom
        ST: Utah
      Issuer:
        C: US
        CN: FairCom Private Certificate Authority
        L: Sandy
        O: FairCom
        ST: Utah
      Serial Number: 20231004152528002138000000001
      Valid From (UTC): 2023-09-05 16:11:47
      Valid Until (UTC): 2024-10-05 02:11:47
      Public key algorithm: sha256
      TLS Version.v3
      Extension information:
        Extension name: Subject Alternative Name
          Critical: False
          DNSName: MyPC
          DNSName: mypc.example.com
          IPAddress: 10.250.250.42
          IPAddress: 127.0.0.1
          DNSName: localhost
        Extension name: Basic Constraints
          Critical: True
          CA: False
        Extension name: Key Usage
          Critical: True
          Digital signature: True
          Key encipherment: True
        Extension name: Extended Key Usage
          Critical: True
          Extended key uses: Server auth

    Press ENTER to exit
Advanced
Run the Python script certinfo.py with command-line parameters:
python certinfo.py "/certificates/myCertificate.pem"
Command-line options
    usage: certinfo.py [-h]

    Welcome to FairCom's Certificate Information Program

    This program optionally takes one parameter: the full path to the file to inspect.
    For example: python certinfo.py /certificates/myCertificate.pem
This script shows information about keys and certificates. Because it is common for multiple keys and certificates to be included inside a single file, this script attempts to find every block of cryptographic data, parse that block, and display information about it.
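The block-by-block scan described above can be sketched with the Python standard library alone. This is an added example, not FairCom's certinfo.py code; `scan_pem`, `make_pem` and the sample data are assumptions made for illustration, and the SHA-256 value is a fingerprint of each decoded block, not the modulus hash that certinfo.py prints.

```python
import base64
import hashlib
import re

# One RFC 7468 block: BEGIN line, optional legacy headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def scan_pem(text):
    """Return one dict per PEM block in text, in file order."""
    found = []
    for number, match in enumerate(PEM_BLOCK.finditer(text), start=1):
        label, lines = match.group(1), match.group(2).splitlines()
        # Legacy OpenSSL keys put "Proc-Type"/"DEK-Info" headers before the
        # base64; base64 never contains ":", so that separates the two.
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln.strip() for ln in lines if ":" not in ln)
        der = base64.b64decode(payload, validate=True)
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
        found.append({
            "number": number,
            "label": label,
            "der_bytes": len(der),
            "sha256": hashlib.sha256(der).hexdigest(),
            "needs_password": encrypted,
        })
    return found

def make_pem(label, der, headers=""):
    """Wrap bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

# Constructed sample: placeholder bytes, not real keys or certificates.
SAMPLE = (
    "Bag Attributes: text outside a block is ignored\n"
    + make_pem("RSA PRIVATE KEY", b"\x30\x82" + bytes(100),
               "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
    + make_pem("CERTIFICATE", b"\x30\x82" + bytes(range(200)))
    + make_pem("CERTIFICATE", b"\x30\x82" + bytes(range(50, 250)))
)

if __name__ == "__main__":
    for block in scan_pem(SAMPLE):
        print(block)
```

The `needs_password` flag marks the blocks for which a tool would have to ask for the optional private-key password before it could parse them.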
You can also use the OpenSSL CLI to inspect certificates:
openssl x509 -noout -text -in ca.crt
The OpenSSL command displays additional information that you might find useful:
Version: 3 (0x2)
This line shows that the certificate is TLS version 1.3.
Subject: C=US, ST=Missouri, L=Columbia, O=Example, OU=IT, CN=Example Private Certificate Authority
This line shows the information you entered at the prompts.
Public Key Algorithm: rsaEncryption
This line shows that the key was created using the RSA algorithm.
Public-Key: (4096 bit)
This line shows that the key was created using 4096 bits of entropy.
X509v3 extensions:
    X509v3 Basic Constraints: critical
        CA:TRUE, pathlen:0
    X509v3 Key Usage: critical
        Certificate Sign, CRL Sign
These lines show that the key pair was created to be a CA key pair and that the roles it is meant for are signing certificates and signing Certificate Revocation Lists (CRLs).