diff options
author | Paul Yang <yang.yang@baishancloud.com> | 2017-07-27 15:33:14 +0800 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2017-08-01 10:24:51 +0200 |
commit | c290853878ed2a6988521c01a8f675ed959ab5cc (patch) | |
tree | c47152f260029aa02a8bf5f8fa02cd3be9edcc1a /doc | |
parent | a970b14f8d6f867a894824c60ae5c3e6cca5a89f (diff) |
Add '-ext' option to display extensions in 'x509'
This is to address issue #3932. Support comma-separated string
to specify what extensions to be displayed.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4016)
Remove redundant variable
[to be squashed]
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/x509.pod | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod index 68fbf81f67..0b7956048c 100644 --- a/doc/man1/x509.pod +++ b/doc/man1/x509.pod @@ -53,6 +53,7 @@ B<openssl> B<x509> [B<-CAserial filename>] [B<-force_pubkey key>] [B<-text>] +[B<-ext extensions>] [B<-certopt option>] [B<-C>] [B<-[digest]>] @@ -157,6 +158,12 @@ Prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings. +=item B<-ext extensions> + +Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier". +See the L<x509v3_config(5)> manual page for the extension names. + =item B<-certopt option> Customise the output format used with B<-text>. The B<option> argument @@ -692,6 +699,14 @@ Display the contents of a certificate: openssl x509 -in cert.pem -noout -text +Display the "Subject Alternative Name" extension of a certificate: + + openssl x509 -in cert.pem -noout -ext subjectAltName + +Display the more extensions of a certificate: + + openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType + Display the certificate serial number: openssl x509 -in cert.pem -noout -serial |