@@ -14,7 +14,7 @@ go get github.com/nxadm/certmin
1414## Help page
1515```
1616$ ./certmin
17- certmin, 0.4.2 . A minimalist certificate utility.
17+ certmin, 0.4.3 . A minimalist certificate utility.
1818See https://github.com/nxadm/certmin for more information.
1919
2020Usage:
@@ -69,93 +69,103 @@ $ ./certmin skim t/chain.crt
6969
7070certificate location t/chain.crt:
7171
72- Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
73- Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
74- Serial number: 1
75- Version: 3
76- Public key algorithm: RSA
77- Signature algorithm: SHA1-RSA
78- CRL locations: http://crl.comodoca.com/AAACertificateServices.crl, http://crl.comodo.net/AAACertificateServices.crl
79- Not before: 2004-01-01 00:00:00 +0000 UTC
80- Not after: 2028-12-31 23:59:59 +0000 UTC
81-
82- Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
83- Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
84- Serial number: 76359301477803385872276235234032301461
85- Version: 3
86- Is CA: true
87- Public key algorithm: RSA
88- Signature algorithm: SHA384-RSA
89- OCSP servers: http://ocsp.comodoca.com
90- CRL locations: http://crl.comodoca.com/AAACertificateServices.crl
91- Not before: 2019-03-12 00:00:00 +0000 UTC
92- Not after: 2028-12-31 23:59:59 +0000 UTC
93-
94- Subject: CN=GEANT OV RSA CA 4,O=GEANT Vereniging,C=NL
95- Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
96- Serial number: 290123421899608141648701916708796095456
97- Version: 3
98- Is CA: true
99- Public key algorithm: RSA
100- Signature algorithm: SHA384-RSA
101- OCSP servers: http://ocsp.usertrust.com
102- CRL locations: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
103- Not before: 2020-02-18 00:00:00 +0000 UTC
104- Not after: 2033-05-01 23:59:59 +0000 UTC
105-
72+ Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
73+ Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
74+ Serial number: 1
75+ Version: 3
76+ Is CA: true
77+ Public key algorithm: RSA
78+ Signature algorithm: SHA1-RSA
79+ CRL locations: http://crl.comodoca.com/AAACertificateServices.crl, http://crl.comodo.net/AAACertificateServices.crl
80+ Not before: 2004-01-01 00:00:00 +0000 UTC
81+ Not after: 2028-12-31 23:59:59 +0000 UTC
82+
83+ Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
84+ Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
85+ Serial number: 76359301477803385872276235234032301461
86+ Version: 3
87+ Is CA: true
88+ Public key algorithm: RSA
89+ Signature algorithm: SHA384-RSA
90+ OCSP servers: http://ocsp.comodoca.com
91+ CRL locations: http://crl.comodoca.com/AAACertificateServices.crl
92+ Not before: 2019-03-12 00:00:00 +0000 UTC
93+ Not after: 2028-12-31 23:59:59 +0000 UTC
94+
95+ Subject: CN=GEANT OV RSA CA 4,O=GEANT Vereniging,C=NL
96+ Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
97+ Issuer Certificate URLs: http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
98+ Serial number: 290123421899608141648701916708796095456
99+ Version: 3
100+ Is CA: true
101+ MaxPathLen is 0: true
102+ Public key algorithm: RSA
103+ Signature algorithm: SHA384-RSA
104+ OCSP servers: http://ocsp.usertrust.com
105+ CRL locations: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
106+ Not before: 2020-02-18 00:00:00 +0000 UTC
107+ Not after: 2033-05-01 23:59:59 +0000 UTC
106108---
109+
107110```
108111
109112### Skim remote certificate information
110113
111114```
112115$ ./certmin skim github.com --remote-chain
113- Certificate location github.com:
114- Subject: CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US
115- Issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
116- DNS names: github.com, www.github.com
117- Serial number: 7101927171473588541993819712332065657
118- Version: 3
119- Public key algorithm: RSA
120- Signature algorithm: SHA256-RSA
121- OCSP servers: http://ocsp.digicert.com
122- CRL locations: http://crl3.digicert.com/sha2-ha-server-g6.crl, http://crl4.digicert.com/sha2-ha-server-g6.crl
123- Not before: 2020-05-05 00:00:00 +0000 UTC
124- Not after: 2022-05-10 12:00:00 +0000 UTC
125-
126- Subject: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
127- Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
128- Serial number: 6489877074546166222510380951761917343
129- Version: 3
130- Is CA: true
131- Public key algorithm: RSA
132- Signature algorithm: SHA256-RSA
133- OCSP servers: http://ocsp.digicert.com
134- CRL locations: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
135- Not before: 2013-10-22 12:00:00 +0000 UTC
136- Not after: 2028-10-22 12:00:00 +0000 UTC
137116
117+ certificate location github.com:
118+
119+ Subject: CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US
120+ Issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
121+ Issuer Certificate URLs: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
122+ DNS names: github.com, www.github.com
123+ Serial number: 7101927171473588541993819712332065657
124+ Version: 3
125+ Public key algorithm: RSA
126+ Signature algorithm: SHA256-RSA
127+ OCSP servers: http://ocsp.digicert.com
128+ CRL locations: http://crl3.digicert.com/sha2-ha-server-g6.crl, http://crl4.digicert.com/sha2-ha-server-g6.crl
129+ Not before: 2020-05-05 00:00:00 +0000 UTC
130+ Not after: 2022-05-10 12:00:00 +0000 UTC
131+
132+ Subject: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
133+ Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
134+ Serial number: 6489877074546166222510380951761917343
135+ Version: 3
136+ Is CA: true
137+ MaxPathLen is 0: true
138+ Public key algorithm: RSA
139+ Signature algorithm: SHA256-RSA
140+ OCSP servers: http://ocsp.digicert.com
141+ CRL locations: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
142+ Not before: 2013-10-22 12:00:00 +0000 UTC
143+ Not after: 2028-10-22 12:00:00 +0000 UTC
138144---
145+
139146```
140147
141148### Skim remote certificate information using a URI scheme
142149
143150```
144151$ ./certmin skim smtps://smtp.gmail.com
145- Certificate location smtps://smtp.gmail.com:
146- Subject: CN=smtp.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
147- Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
148- DNS names: smtp.gmail.com
149- Serial number: 257235496908235390426179598999401729070
150- Version: 3
151- Public key algorithm: ECDSA
152- Signature algorithm: SHA256-RSA
153- OCSP servers: http://ocsp.pki.goog/gts1o1core
154- CRL locations: http://crl.pki.goog/GTS1O1core.crl
155- Not before: 2020-12-15 14:48:07 +0000 UTC
156- Not after: 2021-03-09 14:48:06 +0000 UTC
157152
153+ certificate location smtps://smtp.gmail.com:
154+
155+ Subject: CN=smtp.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
156+ Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
157+ Issuer Certificate URLs: http://pki.goog/gsr2/GTS1O1.crt
158+ DNS names: smtp.gmail.com
159+ Serial number: 257235496908235390426179598999401729070
160+ Version: 3
161+ Public key algorithm: ECDSA
162+ Signature algorithm: SHA256-RSA
163+ OCSP servers: http://ocsp.pki.goog/gts1o1core
164+ CRL locations: http://crl.pki.goog/GTS1O1core.crl
165+ Not before: 2020-12-15 14:48:07 +0000 UTC
166+ Not after: 2021-03-09 14:48:06 +0000 UTC
158167---
168+
159169```
160170
161171### Verify that a certificate and a key match
0 commit comments