|
|
ipsec_certview(8)
Contents
|
ipsec_certview - Displays the contents of IPsec certificate
files
/usr/sbin/ipsec_certview [options] file [[options] file]
...
Specifies a file that contains an X.509 public key certificate
or certificate request. Specifies a file that
contains an X.509 certificate revocation list. Specifies
a file that contains a private key. Specifies a file
whose contents are in HEXL format. The default format is
binary (DER) encoding. Specifies a file whose contents
are in PEM format. The default format is binary (DER)
encoding. Prints X.500-style names in the order that
would be used when fetching the certificate from an LDAP
server. Displays large numbers (for example, key values)
in base 16 notation. Sets the output line width to n
characters. Displays a summary of the command options and
exit.
The ipsec_certview command displays the contents of files
containing public-key certificate information. This command
and other related certificate commands provided in
this IPsec implementation are intended for testing purposes
only. They are not intended to provide a complete
public-key certificate infrastructure.
Each input file is read, and a formatted display of the
certificate data is written to standard output. Information
displayed includes certificate subject name, issuer,
validity dates, key information, and extensions. The
type of certificate-related file is specified by the
-cert, -crl, and -prv options. If no file type is specified,
the utility will attempt to figure out the file type
from the file contents.
If both the file type and encoding format are omitted, the
utility assumes binary encoding and tries to guess the
file type. This might fail and produce spurious error
messages, particularly if the file is actually PEM
encoded.
The viewing of private key files associated with Digital
Signature Authority (DSA) certificates is not currently
supported.
The following displays a PEM-encoded certificate file: #
ipsec_certview -pem -base16 test-root.pem SSH X.509 v3
certificate and v2 crl viewer demo Copyright (c) 1998-2000
SSH Communications Security, Ltd. All rights reserved.
Reading file 'test-root.pem' for automatic. Trying to
decode the object...
assuming it is a certificate ... success.
Certificate =
SerialNumber = 0x84c
SubjectName =
IssuerName =
Certificate seems to be self-signed.
* Signature verification success.
Validity =
NotBefore = 2000 Jan 1st, 19:30:00 GMT
NotAfter = 2001 Jan 1st, 12:00:00 GMT
PublicKeyInfo =
Algorithm name (X.509) : dsaEncryption
SSH library default names
base type = dl-modp
signature algorithm = dsa-nist-sha1
Modulus p ( 768 bits) :
0x81a4c0494153974b5d8a6fcf24d7813b7ac6768b26a8b4d1cf53cc1067b5b57a0890644
edfaf2271b4afeca4d378f824624a001360846a16eba0fb1ade3b2f89273a5c9ca853b272
34e1db63ff4cc73a005855d897e46ecd4d8eb461f15125e5
Group order q ( 160 bits) :
0xe8747149d5276cdb992e1823810f246cb11626dd
Generator g ( 765 bits) :
0x1d1f76b7d98408345399d4330a333074f6ebb42042e67ee7abafc3ad3f58f2ef22b3b2e
08608b48bfc5ee732e1f54cc42ef2916ffb9fcc53f9bc36735918411bf5058a5fd1295c28
b085a9839197b23bd23db652dc14a240b772aef38f8f8ff5
Public key y ( 761 bits) :
0x18ee49d8d0f9ad1dd338cee2b993d59ab86a6ef661243f1458ce53e3b1eba7a9ca67890
30a2a1a08588d4b3cbaa19064dce04f5daaa7c747a5c3fe6e00d9f9ae284d2dd3a51e58ec
397d93b1b48b8e4dd2087ac893245d76fa0716037734b8a
Extensions =
Available = key usage, basic constraints(critical)
KeyUsage = DigitalSignature KeyCertSign
BasicConstraints =
PathLength = 0
cA = TRUE
[CRITICAL]
Finished successfully.
Commands: ipsec_certmake(8), ipsec_convert(8), ipsec_keypaircheck(8), ipsec_keytool(8)
ipsec_certview(8)
[ Back ] | 