@@ -13,7 +13,7 @@ go get github.com/nxadm/certmin
1313## Help page
1414```
1515$ ./certmin
16- certmin, 0.4.1 . A minimalist certificate utility.
16+ certmin, 0.4.2 . A minimalist certificate utility.
1717See https://github.com/nxadm/certmin for more information.
1818
1919Usage:
@@ -68,34 +68,39 @@ $ ./certmin skim t/chain.crt
6868
6969certificate location t/chain.crt:
7070
71- Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
72- Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
73- Serial number: 1
74- Public key algorithm: RSA
75- Signature algorithm: SHA1-RSA
76- CRL locations: http://crl.comodoca.com/AAACertificateServices.crl, http://crl.comodo.net/AAACertificateServices.crl
77- Not before: 2004-01-01 00:00:00 +0000 UTC
78- Not after: 2028-12-31 23:59:59 +0000 UTC
79-
80- Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
81- Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
82- Serial number: 76359301477803385872276235234032301461
83- Public key algorithm: RSA
84- Signature algorithm: SHA384-RSA
85- OCSP servers: http://ocsp.comodoca.com
86- CRL locations: http://crl.comodoca.com/AAACertificateServices.crl
87- Not before: 2019-03-12 00:00:00 +0000 UTC
88- Not after: 2028-12-31 23:59:59 +0000 UTC
89-
90- Subject: CN=GEANT OV RSA CA 4,O=GEANT Vereniging,C=NL
91- Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
92- Serial number: 290123421899608141648701916708796095456
93- Public key algorithm: RSA
94- Signature algorithm: SHA384-RSA
95- OCSP servers: http://ocsp.usertrust.com
96- CRL locations: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
97- Not before: 2020-02-18 00:00:00 +0000 UTC
98- Not after: 2033-05-01 23:59:59 +0000 UTC
71+ Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
72+ Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
73+ Serial number: 1
74+ Version: 3
75+ Public key algorithm: RSA
76+ Signature algorithm: SHA1-RSA
77+ CRL locations: http://crl.comodoca.com/AAACertificateServices.crl, http://crl.comodo.net/AAACertificateServices.crl
78+ Not before: 2004-01-01 00:00:00 +0000 UTC
79+ Not after: 2028-12-31 23:59:59 +0000 UTC
80+
81+ Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
82+ Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
83+ Serial number: 76359301477803385872276235234032301461
84+ Version: 3
85+ Is CA: true
86+ Public key algorithm: RSA
87+ Signature algorithm: SHA384-RSA
88+ OCSP servers: http://ocsp.comodoca.com
89+ CRL locations: http://crl.comodoca.com/AAACertificateServices.crl
90+ Not before: 2019-03-12 00:00:00 +0000 UTC
91+ Not after: 2028-12-31 23:59:59 +0000 UTC
92+
93+ Subject: CN=GEANT OV RSA CA 4,O=GEANT Vereniging,C=NL
94+ Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
95+ Serial number: 290123421899608141648701916708796095456
96+ Version: 3
97+ Is CA: true
98+ Public key algorithm: RSA
99+ Signature algorithm: SHA384-RSA
100+ OCSP servers: http://ocsp.usertrust.com
101+ CRL locations: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
102+ Not before: 2020-02-18 00:00:00 +0000 UTC
103+ Not after: 2033-05-01 23:59:59 +0000 UTC
99104
100105---
101106```
@@ -105,28 +110,29 @@ Not after: 2033-05-01 23:59:59 +0000 UTC
105110```
106111$ ./certmin skim github.com --remote-chain
107112Certificate location github.com:
108- Subject: CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US
109- Issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
110- DNS names: github.com, www.github.com
111- Is CA: false
112- Serial number: 7101927171473588541993819712332065657
113- Public key algorithm: RSA
114- Signature algorithm: SHA256-RSA
115- OCSP servers: http://ocsp.digicert.com
116- CRL locations: http://crl3.digicert.com/sha2-ha-server-g6.crl, http://crl4.digicert.com/sha2-ha-server-g6.crl
117- Not before: 2020-05-05 00:00:00 +0000 UTC
118- Not after: 2022-05-10 12:00:00 +0000 UTC
119-
120- Subject: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
121- Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
122- Is CA: true
123- Serial number: 6489877074546166222510380951761917343
124- Public key algorithm: RSA
125- Signature algorithm: SHA256-RSA
126- OCSP servers: http://ocsp.digicert.com
127- CRL locations: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
128- Not before: 2013-10-22 12:00:00 +0000 UTC
129- Not after: 2028-10-22 12:00:00 +0000 UTC
113+ Subject: CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US
114+ Issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
115+ DNS names: github.com, www.github.com
116+ Serial number: 7101927171473588541993819712332065657
117+ Version: 3
118+ Public key algorithm: RSA
119+ Signature algorithm: SHA256-RSA
120+ OCSP servers: http://ocsp.digicert.com
121+ CRL locations: http://crl3.digicert.com/sha2-ha-server-g6.crl, http://crl4.digicert.com/sha2-ha-server-g6.crl
122+ Not before: 2020-05-05 00:00:00 +0000 UTC
123+ Not after: 2022-05-10 12:00:00 +0000 UTC
124+
125+ Subject: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
126+ Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
127+ Serial number: 6489877074546166222510380951761917343
128+ Version: 3
129+ Is CA: true
130+ Public key algorithm: RSA
131+ Signature algorithm: SHA256-RSA
132+ OCSP servers: http://ocsp.digicert.com
133+ CRL locations: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
134+ Not before: 2013-10-22 12:00:00 +0000 UTC
135+ Not after: 2028-10-22 12:00:00 +0000 UTC
130136
131137---
132138```
@@ -136,16 +142,17 @@ Not after: 2028-10-22 12:00:00 +0000 UTC
136142```
137143$ ./certmin skim smtps://smtp.gmail.com
138144Certificate location smtps://smtp.gmail.com:
139- Subject: CN=smtp.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
140- Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
141- DNS names: smtp.gmail.com
142- Serial number: 257235496908235390426179598999401729070
143- Public key algorithm: ECDSA
144- Signature algorithm: SHA256-RSA
145- OCSP servers: http://ocsp.pki.goog/gts1o1core
146- CRL locations: http://crl.pki.goog/GTS1O1core.crl
147- Not before: 2020-12-15 14:48:07 +0000 UTC
148- Not after: 2021-03-09 14:48:06 +0000 UTC
145+ Subject: CN=smtp.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
146+ Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
147+ DNS names: smtp.gmail.com
148+ Serial number: 257235496908235390426179598999401729070
149+ Version: 3
150+ Public key algorithm: ECDSA
151+ Signature algorithm: SHA256-RSA
152+ OCSP servers: http://ocsp.pki.goog/gts1o1core
153+ CRL locations: http://crl.pki.goog/GTS1O1core.crl
154+ Not before: 2020-12-15 14:48:07 +0000 UTC
155+ Not after: 2021-03-09 14:48:06 +0000 UTC
149156
150157---
151158```
@@ -179,5 +186,4 @@ certificate CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US and
179186$ ./certmin verify-chain github.com:443 --root ~/tmp/chain.crt
180187x509: certificate signed by unknown authority
181188certificate CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US and its chain do not match
182-
183189```
0 commit comments