ipsec_certview(8)ipsec_certview(8)NAMEipsec_certview - Displays the contents of IPsec certificate files
SYNOPSIS
/usr/sbin/ipsec_certview [options] file [[options] file] ...
OPTIONS
Specifies a file that contains an X.509 public key certificate or cer‐
tificate request. Specifies a file that contains an X.509 certificate
revocation list. Specifies a file that contains a private key. Speci‐
fies a file whose contents are in HEXL format. The default format is
binary (DER) encoding. Specifies a file whose contents are in PEM for‐
mat. The default format is binary (DER) encoding. Prints X.500-style
names in the order that would be used when fetching the certificate
from an LDAP server. Displays large numbers (for example, key values)
in base 16 notation. Sets the output line width to n characters. Dis‐
plays a summary of the command options and exit.
DESCRIPTION
The ipsec_certview command displays the contents of files containing
public-key certificate information. This command and other related
certificate commands provided in this IPsec implementation are intended
for testing purposes only. They are not intended to provide a complete
public-key certificate infrastructure.
Each input file is read, and a formatted display of the certificate
data is written to standard output. Information displayed includes
certificate subject name, issuer, validity dates, key information, and
extensions. The type of certificate-related file is specified by the
-cert, -crl, and -prv options. If no file type is specified, the util‐
ity will attempt to figure out the file type from the file contents.
If both the file type and encoding format are omitted, the utility
assumes binary encoding and tries to guess the file type. This might
fail and produce spurious error messages, particularly if the file is
actually PEM encoded.
RESTRICTIONS
The viewing of private key files associated with Digital Signature
Authority (DSA) certificates is not currently supported.
EXAMPLES
The following displays a PEM-encoded certificate file: # ipsec_certview-pem -base16 test-root.pem SSH X.509 v3 certificate and v2 crl viewer
demo Copyright (c) 1998-2000 SSH Communications Security, Ltd. All
rights reserved. Reading file 'test-root.pem' for automatic. Trying
to decode the object...
assuming it is a certificate ... success.
Certificate =
SerialNumber = 0x84c
SubjectName =
IssuerName =
Certificate seems to be self-signed.
* Signature verification success.
Validity =
NotBefore = 2000 Jan 1st, 19:30:00 GMT
NotAfter = 2001 Jan 1st, 12:00:00 GMT
PublicKeyInfo =
Algorithm name (X.509) : dsaEncryption
SSH library default names
base type = dl-modp
signature algorithm = dsa-nist-sha1
Modulus p ( 768 bits) :
0x81a4c0494153974b5d8a6fcf24d7813b7ac6768b26a8b4d1cf53cc1067b5b57a0890644
edfaf2271b4afeca4d378f824624a001360846a16eba0fb1ade3b2f89273a5c9ca853b272
34e1db63ff4cc73a005855d897e46ecd4d8eb461f15125e5
Group order q ( 160 bits) :
0xe8747149d5276cdb992e1823810f246cb11626dd
Generator g ( 765 bits) :
0x1d1f76b7d98408345399d4330a333074f6ebb42042e67ee7abafc3ad3f58f2ef22b3b2e
08608b48bfc5ee732e1f54cc42ef2916ffb9fcc53f9bc36735918411bf5058a5fd1295c28
b085a9839197b23bd23db652dc14a240b772aef38f8f8ff5
Public key y ( 761 bits) :
0x18ee49d8d0f9ad1dd338cee2b993d59ab86a6ef661243f1458ce53e3b1eba7a9ca67890
30a2a1a08588d4b3cbaa19064dce04f5daaa7c747a5c3fe6e00d9f9ae284d2dd3a51e58ec
397d93b1b48b8e4dd2087ac893245d76fa0716037734b8a
Extensions =
Available = key usage, basic constraints(critical)
KeyUsage = DigitalSignature KeyCertSign
BasicConstraints =
PathLength = 0
cA = TRUE
[CRITICAL]
Finished successfully.
SEE ALSO
Commands: ipsec_certmake(8), ipsec_convert(8), ipsec_keypaircheck(8),
ipsec_keytool(8)ipsec_certview(8)