Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

SSH

ssh-certview-g3

ssh-certview-g3 — certificate viewer

Synopsis

ssh-certview-g3
[options...] file
[options...] file ...

Description

The ssh-certview-g3 program is a simple command-line application, capable of decoding and showing X.509 certificates, CRLs, and certification requests. The command output is written to the standard output.

Options

The following options are available:

-h

Displays a short help.

-verbose

Gives more diagnostic output.

-quiet

Gives no diagnostic output.

-auto

The next input file type is auto-detected (default).

-cert

The next input file is a certificate.

-certpair

The next input file is a cross-certificate pair.

-crmf

The next input file is a CRMF certification request.

-req

The next input file is a PKCS #10 certification request.

-crl

The next input file is a CRL.

-prv

The next input file is a private key.

-pkcs12

The next input file is a PKCS#12 package.

-ssh2

The next input file is an SSH2 public key.

-spkac

The next input file is a Netscape-generated SPKAC request.

-noverify

Does not check the validity of the signature on the input certificate.

-autoenc

Determines PEM/DER automatically (default).

-pem

Assumes that the input file is in PEM (ASCII base-64) format. This option allows both actual PEM (with headers and footers), and plain base-64 (without headers and footers). An example of PEM header and footer is shown below:

-----BEGIN CERTIFICATE-----
encoded data
-----END CERTIFICATE-----
-der

Assumes that the input file is in DER format.

-hexl

Assumes that the input file is in Hexl format. (Hexl is a common Unix tool for outputting binary files in a certain hexadecimal representation.)

-skip number

Skips number bytes from the beginning of input before trying to decode. This is useful if the file contains some garbage before the actual contents.

-ldap

Prints names in LDAP order.

-utf8

Prints names in UTF-8.

-latin1

Prints names in ISO-8859-1.

-base10

Outputs big numbers in base-10 (default).

-base16

Outputs big numbers in base-16.

-base64

Outputs big numbers in base-64.

-width number

Sets output width (number characters).

Example

For example, using a certificate downloaded from pki.ssh.com, when the following command is given:

$ ssh-certview-g3 -width 70 ca-certificate.cer

The following output is produced:

Certificate =
  SubjectName = <C=FI, O=SSH Communications Security Corp, CN=Secure
    Shell Test CA>
  IssuerName = <C=FI, O=SSH Communications Security Corp, CN=Secure
    Shell Test CA>
  SerialNumber= 34679408
  SignatureAlgorithm = rsa-pkcs1-sha1
  Certificate seems to be self-signed.
      * Signature verification success.
  Validity =
    NotBefore = 2003 Dec  3rd, 08:04:27 GMT
    NotAfter  = 2005 Dec  2nd, 08:04:27 GMT
  PublicKeyInfo =
    PublicKey =
      Algorithm name (SSH) : if-modn{sign{rsa-pkcs1-md5}}
      Modulus n  (1024 bits) :
        9635680922805930263476549641957998756341022541202937865240553
        9374740946079473767424224071470837728840839320521621518323377
        3593102350415987252300817926769968881159896955490274368606664
        0759644131690750532665266218696466060377799358036735475902257
        6086098562919363963470926690162744258451983124575595926849551
        903
      Exponent e (  17 bits) :
        65537
  Extensions =
    Available = authority key identifier, subject key identifier, key
      usage(critical), basic constraints(critical), authority
      information access
    KeyUsage = DigitalSignature KeyEncipherment KeyCertSign CRLSign
        [CRITICAL]
    BasicConstraints =
      PathLength = 0
      cA         = TRUE
        [CRITICAL]
    AuthorityKeyID =
      KeyID =
        eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
    SubjectKeyID =
      KeyId =
        eb:f0:4d:b5:b2:4c:be:47:35:53:a8:37:d2:8d:c8:b2:f1:19:71:79
    AuthorityInfoAccess =
      AccessMethod = 1.3.6.1.5.5.7.48.1
      AccessLocation =
        Following names detected =
          URI (uniform resource indicator)
        Viewing specific name types =
          URI = http://pki.ssh.com:8090/ocsp-1/
  Fingerprints =
    MD5 = c7:af:e5:3d:f6:ea:ce:da:07:93:d0:06:8d:c0:0a:f8
    SHA-1 =
    27:d7:19:47:7c:08:3e:1a:27:4b:68:8e:18:83:e8:f9:23:e8:29:85

===AUTO_SCHEMA_MARKUP===