The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,619 other followers

Archive for July 27th, 2015

security – How do I view the contents of a PFX file on Windows? – Super User

Posted by jpluimers on 2015/07/27

Dumping any kind of certificate file gives you access to more details than the Windows UI usually shows you.

This is especially handy when checking out errors or issues (which can be very difficult to track down).

For binary PFX files, the certutil and openssl commands come in very handy:

Some options to view PFX file details:Open a command prompt and type: certutil -dump Install OpenSSL and use the commands to view the details, such as: openssl pkcs12 -info -in unverified.

OpenSSL is a separate download (from my OpenSSL category of articles, see Some command-line tips for OpenSSL and file format pfx, p12, cer, crt, key, etc. conversion of certificates, keys) to get it.

CertUtil now ships with Windows by default (it wasn’t in the Windows XP era, I’m not sure about Windows Server 2003).

Here is the CertUtil help for dumping certificate information;

Dump certificate file information CertUtil [Options] [-dump] [File] Options: [-f] [-silent] [-split] [-p Password] [-t Timeout]

Note:

  • the [-v] option is not listed, but does work; it will give a more verbose dump.
  • [-dump] also works other certificate file extensions like .p7b files.

Here is the OpenSSL help for dumping pkcs12 information:

openssl pkcs12 [-export] [-chain] [-inkey filename] [-certfile filename] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes] [-noiter] [-maciter | -nomaciter | -nomac] [-twopass] [-descert] [-certpbe cipher] [-keypbe cipher] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand files] [-CAfile file] [-CApath dir] [-CSP name]

DESCRIPTION

The pkcs12 command allows PKCS#12 files sometimes referred to as PFX files to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.

COMMAND OPTIONS

There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option see below.

PARSING OPTIONS

-in filenameThis specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.

-infooutput additional information about the PKCS#12 file structure, algorithms used and iteration counts.

and the OpenSSL help for dumping pkcs7 information:

openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-text] [-noout] [-engine id]

DESCRIPTION

The pkcs7 command processes PKCS#7 files in DER or PEM format.

COMMAND OPTIONS

-inform DER|PEM; This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure.PEM the default is a base64 encoded version of the DER form with header and footer lines.

-print_certs; prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.

-text; prints out certificates details in full rather than just subject and issuer names.

Notes:

  • do not forget the -inform DER option to specify a binary .p7b file.
  • the -text option gives you more verbose information

via OpenSSL: Documents, pkcs71.

–jeroen

via:

Posted in OpenSSL, PKI, Power User, Security | Leave a Comment »

 
%d bloggers like this: