openssl x509 -in cert.pem -noout -subject -nameopt RFC2253. Display the certificate subject name in oneline form on a terminal supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb. Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint. Convert a certificate from PEM to DER ...

Sep 12, 2014 · openssl x509 -text -noout -in domain.crt Verify a Certificate was Signed by a CA. Use this command to verify that a certificate (domain.crt) was signed by a specific CA certificate (ca.crt): openssl verify -verbose -CAFile ca.crt domain.crt Private Keys. This section covers OpenSSL commands that are specific to creating and verifying private keys. OpenSSL has many utilities/functions, this is just one of them. The -x509 means self-sign the certificate. This means the private key that matches the public key in the certificate will be used to sign it. The -out flag indicates the name of the certificate file. In this case certificateAuthorityCertificate.pem.