Certificate Decoder

Decodeur de certificats X.509 (PEM/Base64).

Certificat PEM :

Decoder

Sujet

Common Name (CN)	-
Organisation (O)	-
Unite (OU)	-
Localite (L)	-
Pays (C)	-

Emetteur

Common Name	-
Organisation	-

Validite

Debut	-
Fin	-
Statut	-

Details techniques

Serial Number	-
Signature Algorithm	-
Public Key	-
Version	-

Subject Alternative Names (SAN)

-

Fingerprints

SHA-256	-
SHA-1	-

Commandes OpenSSL

Decoder un certificat

# Afficher les informations
openssl x509 -in cert.pem -text -noout

# Afficher le sujet
openssl x509 -in cert.pem -subject -noout

# Afficher l'emetteur
openssl x509 -in cert.pem -issuer -noout

# Afficher les dates
openssl x509 -in cert.pem -dates -noout

# Afficher le fingerprint SHA-256
openssl x509 -in cert.pem -fingerprint -sha256 -noout

Verifier un certificat

# Verifier la chaine
openssl verify -CAfile ca.pem cert.pem

# Verifier la correspondance cle/cert
openssl x509 -noout -modulus -in cert.pem | openssl md5
openssl rsa -noout -modulus -in key.pem | openssl md5

# Verifier l'expiration
openssl x509 -checkend 86400 -noout -in cert.pem

Extraire depuis un serveur

# Telecharger le certificat
echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -text

# Afficher la chaine complete
openssl s_client -connect example.com:443 -showcerts

Types de certificats

Type	Description
DV	Domain Validated - Verification domaine uniquement
OV	Organization Validated - Verification organisation
EV	Extended Validation - Verification etendue
Wildcard	Valide pour *.domaine.com
SAN/UCC	Multi-domaines (Subject Alternative Names)