How to view the contents of a .pem certificate?

Question

I am using Java keytool. I have exported a self-signed .pem certificate from my keystore. Is there a command to view the certificate details directly from the .pem file (not of the certificate in the keystore)?

Portecle is also very useful for that: http://portecle.sourceforge.net/ — endo64, Dec 28 '18 at 07:30

score 504 · Answer 1 · edited Jul 04 '19 at 11:37

504

An alternative to using keytool, you can use the command

openssl x509 -in certificate.pem -text

This should work for any x509 .pem file provided you have openssl installed.

edited Jul 04 '19 at 11:37

Cristian Ciupitu

20,270
7
50
76

answered Feb 12 '16 at 12:16

StampyCode

7,218
3
28
44

7

Actually, `keytool` errored out with `java.lang.Exception: Failed to parse input` for some pems, but this worked for all of them – Csaba Toth Apr 13 '18 at 18:23
If you want the aliases only: `openssl x509 -in file.pem -text | grep -A 1 'Alternative Name'` – qräbnö Jul 11 '18 at 10:27
10

In my case I had to change "x509" with "rsa" so I guess it depends on the .pem contents. I used `file` command to know that it was "rsa" and not "x509" (e.g. `file xyz.pem`). – MegaTux May 22 '19 at 19:40
11

@megatux a PEM file can contain a few different types of data `x509` is the format for certificates, `rsa` is the format for a public/private key pair. – alfwatt Jun 07 '19 at 22:46
1

A rookie approach is to open the pem file using Firefox – GMaster Aug 19 '20 at 17:27
8

For shorter text-output try: `openssl x509 -in certificate.pem -text -noout` - This will omit the last ~ 40 lines of text from the output ( BEGIN CERTIFICATE ... END CERTIFICATE stuff) – knb Oct 22 '20 at 12:28
2

to get only the subject: `openssl x509 -noout -subject -in file.pem` – Oct 23 '20 at 07:23

score 242 · Accepted Answer · edited Jul 04 '19 at 11:33

242

Use the -printcert command like this:

keytool -printcert -file certificate.pem

edited Jul 04 '19 at 11:33

Cristian Ciupitu

20,270
7
50
76

answered Mar 18 '12 at 13:00

Drona

6,886
1
29
35

42

I am getting the error java.lang.Exception: Failed to parse input – maxisme Jun 06 '14 at 00:19
15

@Maximilian it may happen on APNS certificates, which combines private key & certificate into one `.pem`. Separate them into 2 files using text editor and the above command will work. (Hint: copy `-- BEGIN CERTIFICATE --` line to `-- END CERTIFICATE --` line to new file) – Raptor Jan 02 '15 at 04:13
3

needs java (jdk or jre) – Pieter Nov 14 '16 at 01:57
Check the name of your pem file. – tksilicon Feb 16 '20 at 06:03

score 2 · Answer 3 · edited May 11 '23 at 16:38

2

In Windows, no external tools needed, just powershell:

Import cert file to variable $cert

$fpath = "path-to-file"
$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2([string]$fpath)

To view all content of certificate, type

$cert | select *

Should work for other cert extensions as well.

edited May 11 '23 at 16:38

Paul Verest

60,022
51
208
332

answered Apr 19 '23 at 11:42

PJ K

21
1

Screenshot would be nice. Is it console or GUI output? – Paul Verest May 11 '23 at 16:38
@PaulVerest Console output. – PoolloverNathan Jun 05 '23 at 22:30

How to view the contents of a .pem certificate?

3 Answers3

Linked