问题
I want to read the Key usage field in a certificate .is there an API is available in openssl ?
回答1:
You can try using the following command in openssl.
openssl x509 -in <certificate to check> -purpose -noout -text
This would print out the list of certificate purpose and the certificate itself.
回答2:
The previous solutions you need to find inside the result file/output the string "Key Usage". I got the following solution which brings exactly the String inside the Key Usage X509 certificate.
openssl s_client -showcerts -connect SERVER_HERE:443 </dev/null 2>/dev/null|openssl x509 -text |grep v "$(grep -E -A1 "Key Usage")"
The above command get the certificate, parse to text and find the string "Key Usage" and present the next line on the result which represents the value for this particular field on X509.
//Cheers
回答3:
Here's a way to retrieve key usage of SSL certificate in python using pyOpenssl
Get key Usage using pyOpenssl
回答4:
7 years later...
Newer versions of openssl let you query certificate extensions using -ext flag.
Print key usage:
$> openssl x509 -noout -ext keyUsage < test.crt
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
Print extended key usage:
$> openssl x509 -noout -ext extendedKeyUsage < test.crt
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Note that if you want to print multiple extensions at once, you need to separate than by comma instead of using -ext flag multiple times:
$> openssl x509 -noout \
-ext keyUsage,extendedKeyUsage < test.crt
来源:https://stackoverflow.com/questions/9991147/how-to-read-the-keyusage-of-a-x509-v3-certificate