ipsec_certview(8)ipsec_certview(8)NAMEipsec_certview - Displays the contents of IPsec certificate files
/usr/sbin/ipsec_certview [options] file [[options] file] ...
Specifies a file that contains an X.509 public key certificate or cer‐
tificate request. Specifies a file that contains an X.509 certificate
revocation list. Specifies a file that contains a private key. Speci‐
fies a file whose contents are in HEXL format. The default format is
binary (DER) encoding. Specifies a file whose contents are in PEM for‐
mat. The default format is binary (DER) encoding. Prints X.500-style
names in the order that would be used when fetching the certificate
from an LDAP server. Displays large numbers (for example, key values)
in base 16 notation. Sets the output line width to n characters. Dis‐
plays a summary of the command options and exit.
The ipsec_certview command displays the contents of files containing
public-key certificate information. This command and other related
certificate commands provided in this IPsec implementation are intended
for testing purposes only. They are not intended to provide a complete
public-key certificate infrastructure.
Each input file is read, and a formatted display of the certificate
data is written to standard output. Information displayed includes
certificate subject name, issuer, validity dates, key information, and
extensions. The type of certificate-related file is specified by the
-cert, -crl, and -prv options. If no file type is specified, the util‐
ity will attempt to figure out the file type from the file contents.
If both the file type and encoding format are omitted, the utility
assumes binary encoding and tries to guess the file type. This might
fail and produce spurious error messages, particularly if the file is
actually PEM encoded.
The viewing of private key files associated with Digital Signature
Authority (DSA) certificates is not currently supported.
The following displays a PEM-encoded certificate file: # ipsec_certview-pem -base16 test-root.pem SSH X.509 v3 certificate and v2 crl viewer
demo Copyright (c) 1998-2000 SSH Communications Security, Ltd. All
rights reserved. Reading file 'test-root.pem' for automatic. Trying
to decode the object...
assuming it is a certificate ... success.
SerialNumber = 0x84c
Certificate seems to be self-signed.
* Signature verification success.
NotBefore = 2000 Jan 1st, 19:30:00 GMT
NotAfter = 2001 Jan 1st, 12:00:00 GMT
Algorithm name (X.509) : dsaEncryption
SSH library default names
base type = dl-modp
signature algorithm = dsa-nist-sha1
Modulus p ( 768 bits) :
Group order q ( 160 bits) :
Generator g ( 765 bits) :
Public key y ( 761 bits) :
Available = key usage, basic constraints(critical)
KeyUsage = DigitalSignature KeyCertSign
PathLength = 0
cA = TRUE
Commands: ipsec_certmake(8), ipsec_convert(8), ipsec_keypaircheck(8),