OpenSSL command to parse certificate

OpenSSL command to parse certificate

In this post, we will learn about openSSL command that used to parse pem certificate on Ubuntu operating system.
Save below SSL certificate in a file with name cert.pem

 -----BEGIN CERTIFICATE-----  
 MIIHxzCCBq+gAwIBAgIIVQ0A1nm/F3swDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE  
 BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc  
 R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xODExMjcxNDAyMDBaFw0x  
 OTAyMTkxNDAyMDBaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh  
 MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRUw  
 EwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQh  
 4dvV+L1osQ7c2x8LgsuHE09NqB4H7nO5MmSul1Bda56d6C7IrqBumitdrYm0ybWR  
 WtTjpYA9cYeH1w/EmBECo4IFVDCCBVAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYD  
 VR0PAQH/BAQDAgeAMIIEGQYDVR0RBIIEEDCCBAyCDCouZ29vZ2xlLmNvbYINKi5h  
 bmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29n  
 bGUuY29tggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tggoqLmdncGh0LmNughYqLmdv  
 b2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiou  
 Z29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyou  
 Z29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKC  
 DyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20u  
 dHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsq  
 Lmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5u  
 bIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22C  
 DyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xl  
 dmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRp  
 Y2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0  
 YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0  
 dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0  
 aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29t  
 ghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVs  
 b3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2ds  
 ZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5j  
 b22CCmdvb2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJv  
 aWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYIL  
 eW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5j  
 b22CBXl0LmJlMGgGCCsGAQUFBwEBBFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3Br  
 aS5nb29nL2dzcjIvR1RTR0lBRzMuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2Nz  
 cC5wa2kuZ29vZy9HVFNHSUFHMzAdBgNVHQ4EFgQUbXkS/UoFxQ478CmEhFGuELv9  
 wCwwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66  
 SzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgw  
 JqAkoCKGIGh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3  
 DQEBCwUAA4IBAQBGWxDUuGST/mFAv1xeJL7IJVyXsjtyIaPyQZaavVq+/eVS9Iek  
 ix6pJQ+AkibFvP2fKq9JxrktFdvsHJMAN9x0R4YXa0GkcUzhkTEHrX+gQ4oeRPmH  
 83aZH3CAz2Mv4siB8n3dIBwxrOAcBje/KlvGDmqF08Yy6twlRt7LwcVA84ebxkXg  
 Igc8VsIzwBRrJDGFTfM4sIm66+KErwWyMqfNnr7KMZTJp9AU/B3I9AT7AbC5aWZ1  
 itOu154IppIV4cXAU5/7wK96kosDGmIbiBnVKUraEfKRUm0pNG8EA6Lv7uDGJOje  
 Wcw8Po0wM93wTFkOW3MiVYGIQ6lg8Pef4Ljy  
 -----END CERTIFICATE-----  

Parse above SSL certificate with below OpenSSL command

 openssl x509 -in gcert.pem -text -noout  

Above command will parse SSL certificate and return below output

 Certificate:  
   Data:  
     Version: 3 (0x2)  
     Serial Number: 6128555589086680955 (0x550d00d679bf177b)  
   Signature Algorithm: sha256WithRSAEncryption  
     Issuer: C=US, O=Google Trust Services, CN=Google Internet Authority G3  
     Validity  
       Not Before: Nov 27 14:02:00 2018 GMT  
       Not After : Feb 19 14:02:00 2019 GMT  
     Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com  
     Subject Public Key Info:  
       Public Key Algorithm: id-ecPublicKey  
         Public-Key: (256 bit)  
         pub:   
           04:21:e1:db:d5:f8:bd:68:b1:0e:dc:db:1f:0b:82:  
           cb:87:13:4f:4d:a8:1e:07:ee:73:b9:32:64:ae:97:  
           50:5d:6b:9e:9d:e8:2e:c8:ae:a0:6e:9a:2b:5d:ad:  
           89:b4:c9:b5:91:5a:d4:e3:a5:80:3d:71:87:87:d7:  
           0f:c4:98:11:02  
         ASN1 OID: prime256v1  
         NIST CURVE: P-256  
     X509v3 extensions:  
       X509v3 Extended Key Usage:   
         TLS Web Server Authentication  
       X509v3 Key Usage: critical  
         Digital Signature  
       X509v3 Subject Alternative Name:   
         DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.g.co, DNS:*.gcp.gvt2.com, DNS:*.ggpht.cn, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gstaticcnapps.cn, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.youtubekids.com, DNS:*.yt.be, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:developer.android.google.cn, DNS:developers.android.google.cn, DNS:g.co, DNS:ggpht.cn, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:source.android.google.cn, DNS:urchin.com, DNS:www.goo.gl, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com, DNS:youtubekids.com, DNS:yt.be  
       Authority Information Access:   
         CA Issuers - URI:http://pki.goog/gsr2/GTSGIAG3.crt  
         OCSP - URI:http://ocsp.pki.goog/GTSGIAG3  
       X509v3 Subject Key Identifier:   
         6D:79:12:FD:4A:05:C5:0E:3B:F0:29:84:84:51:AE:10:BB:FD:C0:2C  
       X509v3 Basic Constraints: critical  
         CA:FALSE  
       X509v3 Authority Key Identifier:   
         keyid:77:C2:B8:50:9A:67:76:76:B1:2D:C2:86:D0:83:A0:7E:A6:7E:BA:4B  
       X509v3 Certificate Policies:   
         Policy: 1.3.6.1.4.1.11129.2.5.3  
         Policy: 2.23.140.1.2.2  
       X509v3 CRL Distribution Points:   
         Full Name:  
          URI:http://crl.pki.goog/GTSGIAG3.crl  
   Signature Algorithm: sha256WithRSAEncryption  
      46:5b:10:d4:b8:64:93:fe:61:40:bf:5c:5e:24:be:c8:25:5c:  
      97:b2:3b:72:21:a3:f2:41:96:9a:bd:5a:be:fd:e5:52:f4:87:  
      a4:8b:1e:a9:25:0f:80:92:26:c5:bc:fd:9f:2a:af:49:c6:b9:  
      2d:15:db:ec:1c:93:00:37:dc:74:47:86:17:6b:41:a4:71:4c:  
      e1:91:31:07:ad:7f:a0:43:8a:1e:44:f9:87:f3:76:99:1f:70:  
      80:cf:63:2f:e2:c8:81:f2:7d:dd:20:1c:31:ac:e0:1c:06:37:  
      bf:2a:5b:c6:0e:6a:85:d3:c6:32:ea:dc:25:46:de:cb:c1:c5:  
      40:f3:87:9b:c6:45:e0:22:07:3c:56:c2:33:c0:14:6b:24:31:  
      85:4d:f3:38:b0:89:ba:eb:e2:84:af:05:b2:32:a7:cd:9e:be:  
      ca:31:94:c9:a7:d0:14:fc:1d:c8:f4:04:fb:01:b0:b9:69:66:  
      75:8a:d3:ae:d7:9e:08:a6:92:15:e1:c5:c0:53:9f:fb:c0:af:  
      7a:92:8b:03:1a:62:1b:88:19:d5:29:4a:da:11:f2:91:52:6d:  
      29:34:6f:04:03:a2:ef:ee:e0:c6:24:e8:de:59:cc:3c:3e:8d:  
      30:33:dd:f0:4c:59:0e:5b:73:22:55:81:88:43:a9:60:f0:f7:  
      9f:e0:b8:f2  

Please write comments if you find anything incorrect, or you want to share more information about the topic discussed above.