How do I view the details of a digital certificate .cer file?

Question

I am using Windows and have been given a .cer file. How can I view the details of it?

Almost [official help](https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them) might help you. — DawnSong, Jul 10 '20 at 06:54

score 333 · Accepted Answer · edited Sep 10 '20 at 09:44

333

OpenSSL will allow you to look at it if it is installed on your system, using the OpenSSL x509 tool.

openssl x509 -in cerfile.cer -noout -text

The format of the .CER file might require that you specify a different encoding format to be explicitly called out.

openssl x509 -inform pem -in cerfile.cer -noout -text

or

openssl x509 -inform der -in cerfile.cer -noout -text

On Windows systems you can right click the .cer file and select Open. That will then let you view most of the meta data.

On Windows you run Windows certificate manager program using certmgr.msc command in the run window. Then you can import your certificates and view details.

edited Sep 10 '20 at 09:44

Ben Butterworth

502
5
12

answered Dec 23 '10 at 09:38

Helvick

19,579
4
37
55

18

I get "4726:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE" when I do this in Linux – yazz.com Dec 23 '10 at 09:51
What you mentioned about Windows works though, but is very hard to read the certificate details in the little window that is displayed – yazz.com Dec 23 '10 at 09:54
1

I've added some clarifications on some OpenSSL options to specify different encoding formats - given your error specifying DER format looks like it would work. – Helvick Dec 23 '10 at 10:31
2

Thanks, "openssl x509 -inform der -in cerfile.cer -noout -text" worked! – yazz.com Dec 23 '10 at 12:25
2

Linux gui version: gcr-viewer. – user3622355 Aug 14 '14 at 04:11
11

when getting `:0906D06C:PEM routines:PEM_read_bio`" error, u will need to use the 3rd command given, with `-inform der` – May 18 '15 at 10:39
A gentle advice, latest solution first, then solutions for older Systems, please. I don't want to try the failed solution any more. Thank you. – DawnSong Aug 20 '19 at 08:52
`-inform DER` is the option I was missing. Thanks! – Heath Borders Aug 11 '21 at 17:17

score 39 · Answer 2 · edited Sep 04 '15 at 15:03

39

If you're using Windows, you can use console util

certutil -dump <file>

edited Sep 04 '15 at 15:03

Community

1

answered Jun 10 '15 at 07:53

lunicon

499
4
3

1

Where is that "certutil" from? The one from nss-utils on my systems doesn't have a "-dump" option. – freiheit Jun 10 '15 at 16:57
7

It's system util. I have Windows 7. https://technet.microsoft.com/en-US/en-en/library/cc732443(v=ws.10).aspx – lunicon Jun 10 '15 at 18:53

score 10 · Answer 3 · answered Dec 14 '17 at 22:35

10

All answers here fail for MacOS. The only thing that works in Sierra and High Sierra is:

openssl x509 -inform der -in cerfile.cer -noout -text

answered Dec 14 '17 at 22:35

Duck

275
2
11

16

Helvick's answer (last updated in 2014) contains this exact line. – mwfearnley May 18 '18 at 16:18
@mwfearnley You are right. However, he put the outdated solution first, the effective solution at last. – DawnSong Aug 20 '19 at 08:54
4

Surely the necessary solution depends on the format of the certificate file, rather than the system it's used on? – mwfearnley Aug 20 '19 at 09:44
2

I am on Mac OS Mojave. "$ openssl x509 -in host.crt.pem -noout -text" works fine without "inform der". – user674669 Oct 28 '19 at 22:16
@user674669 The pem format is base64, which can be viewed with any text editor. – DawnSong Jul 10 '20 at 07:00
This worked for me on Ubuntu xenial and OpenSSL 1.1.0h. The other answers did not – code_monk Oct 05 '20 at 22:27

Krzysztof Gapski · Answer 4 · 2018-09-28T13:02:24.920

You can import and preview it by Powershell:

Get-ChildItem –Path c:\file.cer | Import-Certificate –CertStoreLocation cert:\LocalMachine\My

then view it in Windows certmgr.msc or load directly to Powershell

SET-LOCATION CERT:\LOCALMACHINE\my
GET-CHILDITEM –RECURSE | FORMAT-LIST –PROPERTY *

or by Thumbprint

$cert = (Get-ChildItem –Path cert:\LocalMachine\My\AE53B1272E43C14545A448FB892F7C07A217A761)

Don't forget to IMPORT-MODULE PKI

Or you can also view, export, import, and delete certificates by using Internet Explorer.

To view certificates with Internet Explorer

In Internet Explorer, click Tools, then click Internet Options to display the Internet Options dialog box.
Click the Content tab.
Under Certificates, click Certificates. To view details of any certificate, select the certificate and click View.

`Import-Certificate` is not available for me (Win 7/PS 5) – jpaugh Oct 28 '19 at 22:31 — jpaugh, Oct 28 '19 at 22:31

score 3 · Answer 5 · answered Apr 18 '20 at 23:29

I know this is an old question, but I saw no one provided a workable solution for windows 7 using only powershell. That didn't require the extra hassle of importing it into the certificate store,other tom foolery like using IE or certutil. I happened to have the same issue today, and this is the solution I came up with:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate

$cert.Import("D:\mycert.cer")

$cert.GetEffectiveDateString() $cert.GetSerialNumber() $cert | get-member etc..

One thing the x509CErtificate class does not contain is the ability to read CRLs. In order to do that you have to use something like Mono since it has a class that will read them

score 1 · Answer 6 · answered Jun 04 '20 at 22:06

I found openssl quite limiting (cannot parse content of chain/bundle, output is quite noisy for my needs, ...), I have created certinfo project on github, which can parse chain/bundle, accepts multiple files as argument and can get cert info from host as well if the argument is in the form of host:port.

How do I view the details of a digital certificate .cer file?

6 Answers6

Linked