Open SSL

openssl command to view the “purpose” of a certificate

openssl x509 -in <certificate-file> -text -noout -purpose

Reference: https://www.sslshopper.com/article-most-common-openssl-commands.html

C:\X-Support\Certificates\Client>openssl x509 -in clientCert-nokey.cer -text -noout -purpose
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)3a:bc:d8:8b:3a:d8:23:6f:b8:4d:32:38:ac:40:f4:9d
    Signature Algorithm: sha1WithRSA
        Issuer: CN = ClientRootCA
        Validity
            Not Before: Sep  8 16:16:10 2021 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN = tempClientcert
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a8:f1:cc:3e:89:87:ea:21:c6:20:12:a9:d8:a4:
                    b3:80:61:c5:4f:ce:95:a7:b6:0b:dd:d1:60:3e:b0:
                    74:07:c9:22:77:22:99:bc:4f:9c:a6:30:ed:b3:e6:
                    c5:87:77:97:59:82:99:19:21:ad:50:ca:38:56:d3:
                    db:a5:fa:90:f4:8a:60:83:63:96:d5:11:bc:96:7d:
                    69:ec:f8:cd:42:8d:fc:aa:aa:9f:d0:94:bd:85:72:
                    7a:93:fe:1c:fc:a1:10:53:3b:62:58:a9:07:99:47:
                    b8:82:81:ec:b7:97:c0:57:f7:04:2f:19:f7:0a:0a:
                    ba:72:ce:38:2f:81:c7:c0:84:7e:64:76:6c:4f:17:
                    5a:5f:ff:16:c1:37:59:77:3e:c2:54:43:14:dd:00:
                    1e:96:f1:f5:e7:b0:7c:9b:aa:26:ae:b7:4b:1a:06:
                    f9:db:97:53:af:02:8d:ad:5d:97:23:59:64:75:41:
                    d4:23:bf:a3:f7:d5:1f:62:e9:ea:62:5d:be:fd:68:
                    93:19:54:be:d6:27:37:8f:bb:54:3a:ce:13:20:3d:
                    17:4c:04:9a:80:fa:08:4d:4c:b6:c7:54:25:95:a3:
                    d0:4f:63:61:87:8c:48:e2:96:00:3b:34:12:86:0e:
                    b2:f9:50:23:1b:9b:12:0d:ac:51:1a:20:ce:7e:c1:
                    3b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1:
                0?....r.z#.k...g.=....0.1.0...U....ClientRootCA..........N.......
    Signature Algorithm: sha1WithRSA
         40:71:fb:cc:5e:61:5e:1a:29:04:39:d0:8f:6d:c3:7f:78:1a:
         26:a9:1a:25:8d:f1:cb:ad:0c:20:78:f0:a7:82:cd:54:61:3c:
         70:ba:92:5c:6f:e8:62:97:a6:90:60:45:5a:d7:96:42:42:4a:
         82:2d:c6:85:0e:5b:6c:b3:3b:43:19:f1:29:cf:ac:2b:9c:10:
         a4:7d:29:66:84:3f:36:9a:d3:2a:62:19:42:b8:88:4f:71:c3:
         4a:ee:b4:54:a4:46:97:72:cc:85:8f:9f:98:dd:1c:40:07:40:
         2e:08:fc:d3:e8:17:56:e6:16:37:86:fb:e7:cb:67:65:69:48:
         75:b5:ac:25:38:d4:26:db:5b:5d:62:5b:2e:f4:88:80:98:31:
         23:77:05:ea:bb:b0:b8:a0:8e:06:5f:02:5d:27:62:6b:9d:01:
         d9:38:02:30:24:f4:9f:76:31:51:07:a4:50:4d:f1:a3:7e:c6:
         da:8f:1e:b0:eb:29:5b:8e:b7:2e:f5:9c:e7:f9:2c:43:8d:f6:
         84:2c:42:bd:03:d5:ab:84:82:32:73:97:82:44:64:64:f1:2d:
         d7:4c:8d:99:fb:14:10:70:a3:da:6a:67:7a:d5:4d:04:44:28:
         92:f2:a8:f8:bf:91:05:a5:f4:df:52:7c:b9:0a:dc:f6:5e:48:
         39:61:f6:32
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : Yes
S/MIME signing CA : No
S/MIME encryption : Yes
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No