X509 Command
X509 Command
This command is used for parsing and printing out certificates.
Arguments:
- [-in] X509 file input
- [-inform] pem or der format for input (defaults to pem)
- [-out] file to output to
- [-outform] pem or der format for output (defaults to pem)
- [-req] input file is a CSR file
- [-signkey] a key for signing
- [-*] supported digests for signing (e.g., -sha256)
- [-extfile] config file
- [-extensions] section of the config file to use
- [-noout] no output
- [-subject] print out the subject name
- [-issuer] print out the issuer name
- [-serial] print out the serial number in hex
- [-dates] print out the valid dates of cert
- [-email] print out the subject name's email address
- [-fingerprint] print out the hash of the certificate in DER form
- [-purpose] print out the certificate's purpose
- [-hash] print out the hash of the certificate subject name
- [-text] print human readable text of X509
- [-modulus] print out the RSA key modulus
- [-pubkey] print out the public key
Example:
wolfssl x509 -in ./certs/server-cert.pem -text
wolfssl x509 -inform pem -in certs/ca-cert.pem -outform der -out certs/ca-cert-converted.der
Typical Workflow: View Certificate Details
After creating a certificate (see REQ Command or CA Command), view its details:
wolfssl x509 -in server.pem -text -noout
View specific information:
wolfssl x509 -in server.pem -subject -issuer -dates -noout