I want to read the Key usage field in a certificate .is there an API is available in openssl ?
Asked
Active
Viewed 2.4k times
9
-
Check the below link you will get the Answer http://stackoverflow.com/questions/10011730/how-to-get-the-keyusage-value-from-the-x509-certificate – Balamurugan Apr 16 '12 at 11:10
3 Answers
15
You can try using the following command in openssl.
openssl x509 -in <certificate to check> -purpose -noout -text
This would print out the list of certificate purpose and the certificate itself.
Lancer-Matrix
- 153
- 4
-
I need to get that in c code .. thanks for ur comment .I will check the source code for this command – Balamurugan Apr 05 '12 at 02:19
9
7 years later...
Newer versions of openssl let you query certificate extensions using -ext flag. See docs for available options.
Print key usage:
$> openssl x509 -noout -ext keyUsage < test.crt
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
Print extended key usage:
$> openssl x509 -noout -ext extendedKeyUsage < test.crt
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Note that if you want to print multiple extensions at once, you need to separate than by comma instead of using -ext flag multiple times:
$> openssl x509 -noout \
-ext keyUsage,extendedKeyUsage < test.crt
Yan Foto
- 10,850
- 6
- 57
- 88
0
The previous solutions you need to find inside the result file/output the string "Key Usage". I got the following solution which brings exactly the String inside the Key Usage X509 certificate.
openssl s_client -showcerts -connect SERVER_HERE:443 </dev/null 2>/dev/null|openssl x509 -text |grep v "$(grep -E -A1 "Key Usage")"
The above command get the certificate, parse to text and find the string "Key Usage" and present the next line on the result which represents the value for this particular field on X509.
//Cheers
Rafael Gorski
- 1,483
- 14
- 22