'how to read the keyusage of a X509 V3 certificate?
I want to read the Key usage field in a certificate .is there an API is available in openssl ?
Solution 1:[1]
You can try using the following command in openssl.
openssl x509 -in <certificate to check> -purpose -noout -text
This would print out the list of certificate purpose and the certificate itself.
Solution 2:[2]
7 years later...
Newer versions of openssl let you query certificate extensions using -ext flag. See docs for available options.
Print key usage:
$> openssl x509 -noout -ext keyUsage < test.crt
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
Print extended key usage:
$> openssl x509 -noout -ext extendedKeyUsage < test.crt
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Note that if you want to print multiple extensions at once, you need to separate than by comma instead of using -ext flag multiple times:
$> openssl x509 -noout \
-ext keyUsage,extendedKeyUsage < test.crt
Solution 3:[3]
The previous solutions you need to find inside the result file/output the string "Key Usage". I got the following solution which brings exactly the String inside the Key Usage X509 certificate.
openssl s_client -showcerts -connect SERVER_HERE:443 </dev/null 2>/dev/null|openssl x509 -text |grep v "$(grep -E -A1 "Key Usage")"
The above command get the certificate, parse to text and find the string "Key Usage" and present the next line on the result which represents the value for this particular field on X509.
//Cheers
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Lancer-Matrix |
| Solution 2 | |
| Solution 3 | Rafael Gorski |