- Tired of guess all the cmd switches for [openssl|certutil|...] to decode certificates ?
- 100% pure go, minimal imports, use as app or api (see api.go), compatible with tlsinfo, dnsinfo
go install paepcke.de/certinfo/cmd/certinfo@latest
github.com/paepckehh/certinfo/releases
certinfo cert.pem
X509 Cert Subject : [CN=ISRG Root X1,O=Internet Security Research Group,C=US]
X509 Cert Status : [VALID] [for the next 4554 days]
X509 Cert Signature Algo : [VALID] [SHA256-RSA]
X509 Cert Public Key : [VALID] [RSA] [4096] [e:65537]
X509 Cert KeyPin [base64] : [C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=]
X509 Cert Key Usage : [CRITICAL] [Certificate Signing] [CRL Signing]
X509 CA Authority : [YES]
X509 CA SelfSigned : [VALID] [RootCA]
X509 CA Allows SubCAs : [YES] [ALERT] [PathLen:NotDefined]
X509 Issuer Signature By : [CN=ISRG Root X1,O=Internet Security Research Group,C=US]
X509 Issuer Signature State : [VALID] [trusted via system trust store]
VERBOSE=true certinfo certs.txt
[...]
NO_COLOR=true certinfo certs.txt | grep ...
[...]
PINONLY=true certinfo certs.txt
[...]
cat /etc/ssl/* | certinfo
[...]
PEMONLY=true cat /etc/ssl/* | certinfo > truststore.pem
[..]
HTML=true certinfo certs.txt
[...]
[] optional SCT log verification (online/leaky)
pkg.go.dev/paepcke.de/certinfo
Yes, Please! PRs Welcome!