ssh-certview(1) ssh-certview(1)
NAME
ssh-certview - certificate viewer
SYNOPSIS
ssh-certview [options ] file [options ] file ...
DESCRIPTION
The ssh-certview program is a simple command-line applica-
tion, capable of decoding and showing X.509 certificates,
CRLs, and certification requests. The command output is
written to the standard output.
OPTIONS
-h Displays short help.
-verbose
Gives more diagnostic output.
-quiet Gives no diagnostic output.
-auto The next input file type is auto-detected
(default).
-cert The next input file is a certificate.
-crmf The next input file is a CRMF certification
request.
-req The next input file is a PKCS #10 certification
request.
-crl The next input file is a CRL.
-prv The next input file is a private key.
-ssh2 The next input file is an SSH2 public key.
-spkac The next input file is a Netscape-generated SPKAC
request.
SSH Certificate Viewer April 8, 2004 1
ssh-certview(1) ssh-certview(1)
-noverify
Does not check the validity of the signature on
the input certificate.
-autoenc
Determines PEM/DER automatically (default).
-pem Assumes that the input file is in PEM (ASCII
base-64) format. This option allows both actual
PEM (with headers and footers), and plain base-64
(without headers and footers). An example of PEM
header and footer is shown below:
-----BEGIN CERTIFICATE-----
encoded data
-----END CERTIFICATE-----
-der Assumes that the input file is in DER format.
-hexl Assumes that the input file is in hexl format.
-skip n Skips n bytes from the beginning of input before
trying to decode. This is useful if the file con-
tains some garbage before the actual contents.
-ldap Prints names in LDAP order.
-utf8 Prints names in UTF-8.
-latin1 Prints names in ISO-8859-1.
-base10 Outputs big numbers in base-10 (default).
-base16 Outputs big numbers in base-16.
-base64 Outputs big numbers in base-64.
-width w
Sets output width (w characters).
SSH Certificate Viewer April 8, 2004 2
ssh-certview(1) ssh-certview(1)
EXAMPLE
For example, using a CA certificate downloaded from
pki.ssh.com, when the following command is given:
$ ssh-certview -width 70 ca-certificate.cer
The following output is produced:
Certificate =
SubjectName = <C=FI, O=SSH Communications Security Corp, CN=Secure
Shell Test CA>
IssuerName = <C=FI, O=SSH Communications Security Corp, CN=Secure
Shell Test CA>
SerialNumber= 34679408
SignatureAlgorithm = rsa-pkcs1-sha1
Certificate seems to be self-signed.
* Signature verification success.
Validity =
NotBefore = 2003 Dec 3rd, 08:04:27 GMT
NotAfter = 2005 Dec 2nd, 08:04:27 GMT
PublicKeyInfo =
PublicKey =
Algorithm name (SSH) : if-modn{sign{rsa-pkcs1-md5}}
Modulus n (1024 bits) :
9635680922805930263476549641957998756341022541202937865240553
9374740946079473767424224071470837728840839320521621518323377
3593102350415987252300817926769968881159896955490274368606664
0759644131690750532665266218696466060377799358036735475902257
6086098562919363963470926690162744258451983124575595926849551
903
Exponent e ( 17 bits) :
65537
Extensions =
Available = authority key identifier, subject key identifier, key
usage(critical), basic constraints(critical), authority
information access
KeyUsage = DigitalSignature KeyEncipherment KeyCertSign CRLSign
[CRITICAL]
BasicConstraints =
PathLength = 0
cA = TRUE
[CRITICAL]
AuthorityKeyID =
KeyID =
eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
SubjectKeyID =
KeyId =
eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
AuthorityInfoAccess =
AccessMethod = 1.3.6.1.5.5.7.48.1
AccessLocation =
SSH Certificate Viewer April 8, 2004 3
ssh-certview(1) ssh-certview(1)
Following names detected =
URI (uniform resource indicator)
Viewing specific name types =
URI = http://pki.ssh.com:8090/ocsp-1/
Fingerprints =
MD5 = c7:af:e5:3d:f6:ea:ce:da:07:93:d0:06:8d:c0:0a:f8
SHA-1 =
27:d7:19:47:7c:08:3e:1a:27:4b:68:8e:18:83:e8:f9:23:e8:29:85
AUTHORS
SSH Communications Security Corp.
For more information, see http://www.ssh.com.
SSH Certificate Viewer April 8, 2004 4