@bblfish
Created September 4, 2015 17:07
$ openssl pkcs12 -clcerts -nokeys -in ~/Certificates.p12 | openssl x509
Enter Import Password:
MAC verified OK
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

bblfish commented Sep 4, 2015

seen from the OSX keychain viewer

Note at the bottom is an MD5 Fingerprint. Is that actually in the certificate?


bblfish commented Sep 4, 2015

with OpenSSL one does not get the MD5 as one should not

$ openssl pkcs12 -clcerts -nokeys -in ~/Certificates.p12  | openssl x509 -noout -text
Enter Import Password:
MAC verified OK
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:4c:19:67:ea:05
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=WebID, O={}
        Validity
            Not Before: Mar 14 17:39:42 2015 GMT
            Not After : Mar 13 17:49:42 2019 GMT
        Subject: dnQualifier=henry@bblfish.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:da:b9:d1:e9:41:f6:f8:5a:08:63:16:9d:0d:b6:
                    32:8d:1d:4a:15:a7:1d:ff:e3:d4:f4:d0:87:52:a5:
                    2f:b1:45:4d:73:58:e4:a5:ec:f3:50:1e:39:24:bc:
                    02:52:f3:00:4b:0b:b2:1a:0d:6b:64:ca:05:3f:0f:
                    bc:b5:a5:4e:c9:3e:be:2d:c9:b9:1e:4c:43:2b:82:
                    78:84:c4:cc:2a:d8:a1:02:b4:6d:2a:20:17:bf:45:
                    d9:d4:c8:8a:56:4d:42:02:34:48:4a:1b:2e:44:6d:
                    bb:4c:d4:38:e7:9c:24:66:ce:31:0f:32:77:73:a7:
                    79:d2:4e:d7:b6:0a:05:a6:18:b9:84:75:7b:94:6d:
                    67:ba:79:f2:e0:64:e6:ae:d3:8b:d6:55:9c:e7:fc:
                    95:02:72:08:23:d5:6d:b1:c0:34:09:93:67:d7:db:
                    27:b6:bd:af:da:8c:c4:83:47:13:3f:4a:14:67:5f:
                    67:5f:b4:84:ce:32:df:66:c1:1a:36:38:fa:84:d5:
                    be:69:b1:a6:f2:38:11:5d:ef:9b:0f:79:bb:25:c0:
                    cb:7e:4a:39:45:9a:08:29:b1:fd:35:c0:d1:db:dd:
                    60:f9:c6:79:d8:94:15:ed:7e:a4:1e:b0:2f:bc:01:
                    6f:c0:e7:92:cb:96:98:c9:f4:db:84:2c:da:d5:b5:
                    f5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: critical
                URI:http://bblfish.net/people/henry/card#me
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
            X509v3 Basic Constraints: critical
                CA:FALSE
            Netscape Cert Type: 
                SSL Client, S/MIME
    Signature Algorithm: sha1WithRSAEncryption
        03:25:38:47:76:34:ba:da:0b:40:ea:75:63:98:6b:b0:0b:b6:
        11:85:c7:b1:c4:91:cc:5c:99:a5:b5:01:24:6f:1f:8c:03:39:
        80:03:e7:50:59:9f:b0:48:6e:e7:16:b8:b7:92:6f:31:cd:cc:
        ba:60:40:08:9e:3c:38:5d:19:94:fd:2c:be:6d:84:57:d4:ea:
        7f:54:a7:69:73:aa:37:a4:b8:81:21:0c:65:dc:f1:f6:a3:40:
        d1:18:cf:04:a4:d6:8b:9a:1f:43:c2:67:4a:0e:8d:00:b7:e8:
        49:e3:b7:d5:f9:00:0f:98:32:b2:09:5e:ca:c0:44:37:dc:df:
        3b:57:e0:c2:5a:8a:79:0d:55:7a:4a:73:4a:24:64:27:e5:16:
        78:d4:c9:35:5e:f8:67:9c:e9:41:bd:c6:25:6b:1b:d7:03:c1:
        af:64:d0:e3:0a:ea:58:a4:bc:3a:a4:8f:51:8d:33:58:ed:ba:
        af:3d:b7:75:28:32:33:76:65:80:56:ae:ec:43:db:9e:7e:4b:
        74:f5:88:07:9f:2d:e8:74:f1:89:d1:af:52:34:07:52:f3:54:
        2f:60:fd:de:96:f6:00:67:2e:8f:10:23:e6:af:95:bf:a6:3c:
        61:0d:8c:24:47:cf:52:45:0f:96:ee:ca:3a:69:82:69:3b:20:
        87:06:5c:58

It turns out OSX generates the MD5 for convenience. One can get the same result in openssl with

openssl pkcs12 -clcerts -nokeys -in ~/Certificates.p12  | openssl x509 -noout -fingerprint -md5
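
Added example (not part of the gist or its comments): a fingerprint is a hash the viewing tool computes over the certificate's whole DER encoding, so it is not a field stored in the certificate. The sketch below decodes a PEM block, formats the digest in the colon-separated hex that `openssl x509 -fingerprint` prints, and checks that the digest bytes do not occur inside the encoding. The function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of every CERTIFICATE block found in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        raise ValueError("no CERTIFICATE block found")
    # The base64 body is line-wrapped; drop all whitespace before decoding.
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]


def fingerprint(der, algorithm="md5"):
    """Hash the complete DER encoding and format it as colon-separated hex."""
    digest = hashlib.new(algorithm, der).digest()
    return ":".join(f"{byte:02X}" for byte in digest)


def digest_is_embedded(der, algorithm="md5"):
    """True if the raw digest bytes occur anywhere inside the encoding."""
    return hashlib.new(algorithm, der).digest() in der


# Constructed stand-in bytes, NOT a real certificate: the hash is taken over
# whatever bytes sit between the PEM markers, so any payload shows the mechanics.
SAMPLE_DER = bytes(range(256)) * 4
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)[0]
    for alg in ("md5", "sha1", "sha256"):
        print(f"{alg} Fingerprint={fingerprint(der, alg)}",
              "embedded:", digest_is_embedded(der, alg))
```

To compare against a real certificate, pass the PEM text produced by the first command in this gist to pem_to_der and compare fingerprint(der, "md5") with the value the keychain viewer shows.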
