X.509
Jump to navigation
Jump to search
↑ https://prefetch.net/blog/2019/12/10/converting-x509-certificates-to-json-objects/
wikipedia:X.509 standard format for Public key certificate used in TLS.
Tools: openssl
, keytool
, certinfo
(Cloudflare) https://github.com/cloudflare/cfssl/blob/master/certinfo/certinfo.go[1]
Examples[edit]
openssl x509 -inform pem -noout -text
openssl x509 -noout -text -in /path/to/your/cert.pem
openssl x509 -noout -dates
keytool -printcert -file certificate.pem
openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > MY_CERTFILE.pem
Errors[edit]
Error response from daemon: Get https://URL/: x509: certificate signed by unknown authority
Security[edit]
- ASN.1 and x509 parsers in the kernel have historically been quite problematic (CVE-2008-1673, CVE-2016-2053),
Activities[edit]
- Read GitLab: S/MIME X509 verification of commits https://gitlab.com/gitlab-org/gitlab/issues/29782
- How to check certification expiration date from command line:
openssl x509 -dates
- Create new x509 certificate:
openssl req -x509 -newkey
Related terms[edit]
- Vault
- Kubernetes cert-manager
E1207 14:22:57.502748 1 scraper.go:140] "Failed to scrape node" err="Get \"https://172.30.2.2:10250/metrics/resource\": x509: cannot validate certificate for 172.30.2.2 because it doesn't contain any IP SANs" node="node01"
- Subject Alternative Name (SAN)
/etc/ssl/certs/
- SSL certificate problem: unable to get local issuer certificate
See also[edit]
openssl x509
[-inform | -text | -dates | -subject
|--help
]- X.509, ASN.1,
openssl x509
,.pem, der
, PFX, PKCS, SAN,openssl x509, CSR
- Certificate, CSR (PKCS10),
/etc/letsencrypt/csr/
,openssl req
, X.509, [.pem
,.cer
,.csr
], Kubernetes CertificateSigningRequest
Advertising: