Re: [Fed-Talk] How to examine certificate from command line?
Re: [Fed-Talk] How to examine certificate from command line?
- Subject: Re: [Fed-Talk] How to examine certificate from command line?
- From: John Oliver <email@hidden>
- Date: Mon, 19 Nov 2012 11:22:48 -0800
- Thread-topic: How to examine certificate from command line?
How can I find-certificates by SHA1 hash instead of the common name?
There are too many duplicate or ambiguous names in SystemRootCertificates
seems like the hash is the way to go unless there's a better identifier
for unique certs.
On 11/19/12 9:37 AM, "Miller, Timothy J." <email@hidden> wrote:
>You could always view it in the GUI from Keychain Access.
>
>Otherwise, export it and use openssl:
>
>$ security find-certificate -p | openssl x509 -text
>
>-- T
>
>>-----Original Message-----
>>From: fed-talk-bounces+tmiller=email@hidden
>>[mailto:fed-talk-
>>bounces+tmiller=email@hidden] On Behalf Of John Oliver
>>Sent: Monday, November 19, 2012 11:34 AM
>>To: email@hidden
>>Subject: [Fed-Talk] How to examine certificate from command line?
>>
>>In OS X (10.7.5 specifically), how would one examine the contents of a
>>certificate from the command line? The 'security' command will list
>>them, but
>>if it includes the contents, it sure isn't human-readable...
>>
>>
>>
>>
>>keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
>>
>>class: 0x80001000
>>
>>attributes:
>>
>> "alis"<blob>="Wells Fargo Root Certificate Authority"
>>
>> "cenc"<uint32>=0x00000003
>>
>> "ctyp"<uint32>=0x00000001
>>
>> "hpky"<blob>=0x14AF18F7BDE6E76BE35AFAEA51EFFED45A7139C0
>>"\024\257\030\367\275\346\347k\343Z\372\352Q\357\376\324Zq9\300"
>>
>>
>>"issu"<blob>=0x308182310B300906035504061302555331143012060355040A130
>>B57454C4C5320464152474F312C302A060355040B132357454C4C5320464152474
>>F2043455254494649434154494F4E20415554484F52495459312F302D0603550403
>>132657454C4C5320464152474F20524F4F542043455254494649434154452041555
>>4484F52495459
>>"0\201\2021\0130\011\006\003U\004\006\023\002US1\0240\022\006\003U\00
>>4\012\023\013WELLS FARGO1,0*\006\003U\004\013\023#WELLS FARGO
>>CERTIFICATION AUTHORITY1/0-\006\003U\004\003\023&WELLS FARGO ROOT
>>CERTIFICATE AUTHORITY"
>>
>> "labl"<blob>="Wells Fargo Root Certificate Authority"
>>
>> "skid"<blob>=<NULL>
>>
>> "snbr"<blob>=0x39E4979E "9\344\227\236"
>>
>>
>>"subj"<blob>=0x308182310B300906035504061302555331143012060355040A13
>>0B57454C4C5320464152474F312C302A060355040B132357454C4C532046415247
>>4F2043455254494649434154494F4E20415554484F52495459312F302D060355040
>>3132657454C4C5320464152474F20524F4F54204345525449464943415445204155
>>54484F52495459
>>"0\201\2021\0130\011\006\003U\004\006\023\002US1\0240\022\006\003U\00
>>4\012\023\013WELLS FARGO1,0*\006\003U\004\013\023#WELLS FARGO
>>CERTIFICATION AUTHORITY1/0-\006\003U\004\003\023&WELLS FARGO ROOT
>>CERTIFICATE AUTHORITY"
>>
>>
>>
>>
>>--
>>
>> John Oliver | SAIC
>>
>> Defense & Maritime Solutions
>>
>> Surveillance and Reconnaissance Solutions Division
>>
>> SPAWAR Systems Center - Pacific | Code 53223
>>
>> Sr. Systems Administrator
>>
>> Bldg 600 | Room 428N
>>
>> Office: (619) 553-9567
>>
>> Mobile: (571) 481-0198
>>
>> email@hidden
>>
>> email@hidden
>>
>> DCO: email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden