Previous | Contents | Index |
The files created by PMDF-TLS are encoded binary files that do not provide any useful information without decoding. The certificate dump tool can be used to see what is inside a PMDF-TLS "PEM" file.
To run the utility, issue the OpenVMS command
$ MCR PMDF_EXE:TLS_CERTDUMP file-spec |
# /pmdf/bin/tls_certdump file-spec |
C:\> tls_certdump file-spec |
file-spec
is the name of the file (a PMDF-TLS private key or public key file) to
be dumped.
For example, Example 15-1 showed generating a Certificate Request. The OpenVMS command
$ MCR PMDF_EXE:TLS_CERTDUMP SERVER-CERTREQ.PEM |
Certificate Request: Data: Version: 0 (0x0) Subject: Email=Joe.Manager@Domain.Com, CN=*.domain.com, C=US, ST=California, L=West Covina, O=Domains R Us Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c4:58:2e:83:75:a5:91:82:f3:d5:9e:64:02:45: e1:9e:eb:0f:b0:12:ca:89:4c:8c:10:5c:c1:df:68: 88:b4:e3:98:49:7a:b8:8c:ce:e5:eb:e4:79:4f:ea: 1b:63:22:d0:2a:fe:ff:ba:a5:f2:ac:80:7a:0a:0e: 2a:f1:f2:11:3f:fb:c7:64:cc:a7:11:da:e3:4b:a1: 20:44:49:5a:50:34:2e:50:e2:2b:01:88:2a:be:29: 17:20:2f:9f:92:0f:5d:4b:0d:3e:dd:9e:fc:f6:f1: c6:26:94:aa:0e:0f:2c:60:5a:5b:35:49:a8:2d:a1: 27:0d:e4:27:5b:64:ea:55:9d Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: md5WithRSAEncryption 83:1d:79:40:3a:3e:9f:08:a0:d3:dc:8a:e0:3a:30:e9:4c:77: c9:93:15:46:0a:95:40:90:d6:47:6d:ae:03:fe:ee:01:d0:73: fb:89:89:e9:e2:50:d9:e2:3f:b7:0e:8d:ae:39:d3:b0:65:2f: ca:38:69:8b:e5:da:c9:67:33:57:7f:8f:65:fa:f3:30:7e:f6: 00:9f:87:4f:00:62:b2:fe:c4:af:15:2e:02:ac:c8:cf:1f:95: 4e:d8:cb:b4:6e:50:07:32:e7:43:12:af:89:9a:ec:bc:c0:63: 33:88:e7:80:1a:74:66:04:0f:4f:80:02:55:92:05:87:bf:86: 86:47 |
While most of the data isn't useful to the casual observer, you can identify the "Subject": this refers to the site that is using the certificate; the CN value is the common name you entered during the generation of the Certificate Request. If the file being dumped is a certificate, you'll also see the "Issuer:" which is the identity of the Certificate Authority that signed the certificate request.
Previous | Next | Contents | Index |