View the Certificate Details
About this task
- Displaying the digital certificate for a given certificate type, or listing all the certificate details from the local store for a given certificate type.
- Displaying the CA details for a given trustpoint CA name, or listing all the CA details from the local store if the CA name is not specified.
- Displaying the configured key details for a given key name.
- Displaying the configured subject details.
Procedure
Examples
Display the CA certificate details:
```
Switch:1>enable
Switch:1>show certificate ca
CA table entry
Name : caica2
CommonName : caica2
KeyName : rsa_2048
CaUrl : http://192.51.100.9:8080/ejbca/publicweb/apply/scep/test/pkiclient.exe
UsePost : 0
SubjectCertValidityDays : 365
Action : no-op
LastActionStatus : success
LastActionFailureReason :
CA-Auth Sha256Fingerprint :
```
Display the name and public key of all the key-pairs:
```
Switch:1>show certificate key-name
Key Name: rsa_2048
Public Key Value: (value omitted)
```
Display the configured subject details:
```
Switch:1>show certificate subject
Common Name : tlsenduser1
Email Address : tlsenduser1@mocana.com
Organizational Unit : Engineering
Organization : Mocana
Locality : San Francisco
Province : California
Country : US
```
Display the Root CA certificate:
```
Switch:1>show certificate cert-type root-ca-cert
CERT STORE table entry
Certificate Type : Root CA Certificate
CommonName : ca
VersionNumber : X.509 v3
SerialNumber : 3f418444a5b29cbd
IssuerName : CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore : 10/26/16 12:37:22
ValidityPeriodNotAfter : 10/26/18 12:37:22
CertificateSignatureAlgorithm : sha256withRSAEncryption
CertificateSignature : (value omitted)
Subject : CN:ca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm : rsaEncryption
SubjectPublicKey : (value omitted)
HasBasicConstraint : 1
HasKeyUsage : 1
IsCa : 1
KeyUsage : 103 digitalSignature nonRepudiation keyEncipherment keyCertSign cRLSign
ExtendedKeyUsage : TLS Web Server Authentication, OCSP Signing,
CDPUrl :
OCSPUrl : http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
CertificateFileName : /intflash/.cert/.rootCACertStore/root_ca_cert_ca.der
```
Display the Intermediate CA certificate:
```
Switch:1> show certificate cert-type intermediate-ca-cert
CERT STORE table entry
Certificate Type : Intermediate CA Certificate
CommonName : newsubca
VersionNumber : X.509 v3
SerialNumber : 59f0b1a73c93b194
IssuerName : CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore : 10/27/16 09:49:59
ValidityPeriodNotAfter : 10/26/18 12:37:22
CertificateSignatureAlgorithm : sha256withRSAEncryption
CertificateSignature : (value omitted)
Subject : CN:newsubca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm : rsaEncryption
SubjectPublicKey : (value omitted)
HasBasicConstraint : 1
HasKeyUsage : 1
IsCa : 1
KeyUsage : 119 digitalSignature nonRepudiation keyEncipherment keyAgreement keyCertSign cRLSign
ExtendedKeyUsage : TLS Web Server Authentication, OCSP Signing,
CDPUrl : http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=ca
OCSPUrl :
CertificateFileName : /intflash/.cert/.caCertStore/ca_cert_newsubca.der
```
Display the offline CA certificate:
```
Switch:1>show certificate cert-type offline-ca-cert
CERT table entry
Certificate Type : Offline CA Certificate
VersionNumber : X.509 v3
SerialNumber : 59f0b1a73c93b194
IssuerName : CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore : 10/27/16 09:49:59
ValidityPeriodNotAfter : 10/26/18 12:37:22
CertificateSignatureAlgorithm : sha256withRSAEncryption
CertificateSignature : (value omitted)
Subject : CN:newsubca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm : rsaEncryption
SubjectPublicKey : (value omitted)
HasBasicConstraint : 1
HasKeyUsage : 1
IsCa : 1
KeyUsage : 119 digitalSignature nonRepudiation keyEncipherment keyAgreement keyCertSign cRLSign
ExtendedKeyUsage : TLS Web Server Authentication, OCSP Signing,
CDPUrl : http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=ca
```
Display the offline subject certificate:
```
Switch:1>show certificate cert-type offline-subject-cert
CERT table entry
Certificate Type : Offline Subject Certificate
VersionNumber : X.509 v3
SerialNumber : 33f18af2c9ef62f5
IssuerName : CN:newsubca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore : 11/03/16 11:40:28
ValidityPeriodNotAfter : 10/26/18 12:37:22
CertificateSignatureAlgorithm : sha256withRSAEncryption
CertificateSignature : (value omitted)
Subject : CN:newsub1, EM:test@mocana.com, OU:Engineering, O:Mocana, L:San Francisco, P:California, C:US
SubjectPublicKeyAlgorithm : rsaEncryption
SubjectPublicKey : (value omitted)
HasBasicConstraint : 1
HasKeyUsage : 1
IsCa : 0
KeyUsage : 15 digitalSignature nonRepudiation keyEncipherment dataEncipherment
ExtendedKeyUsage : TLS Web Server Authentication, OCSP Signing,
CDPUrl : http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=newsubca
OCSPUrl : http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
Status : offline-certificate
Installed : 1
```
Display the online CA certificate:
```
Switch:1>show certificate cert-type online-ca-cert
CERT table entry
Certificate Type : Online CA Certificate
VersionNumber : X.509 v3
SerialNumber : 59f0b1a73c93b194
IssuerName : CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore : 10/27/16 09:49:59
ValidityPeriodNotAfter : 10/26/18 12:37:22
CertificateSignatureAlgorithm : sha256withRSAEncryption
CertificateSignature : (value omitted)
Subject : CN:newsubca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm : rsaEncryption
SubjectPublicKey : (value omitted)
HasBasicConstraint : 1
HasKeyUsage : 1
IsCa : 1
KeyUsage : 119 digitalSignature nonRepudiation keyEncipherment keyAgreement keyCertSign cRLSign
ExtendedKeyUsage : TLS Web Server Authentication, OCSP Signing,
CDPUrl : http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=ca
OCSPUrl :
```
Display the online subject certificate:
```
Switch:1>show certificate cert-type online-subject-cert
CERT table entry
Certificate Type : Online Subject Certificate
VersionNumber : X.509 v3
SerialNumber : 18684a25b80768f9
IssuerName : CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore : 11/07/16 12:36:43
ValidityPeriodNotAfter : 10/26/18 12:37:22
CertificateSignatureAlgorithm : sha256withRSAEncryption
CertificateSignature : (value omitted)
Subject : CN:192.51.100.9, EM:test@mocana.com, OU:Engineering, O:Mocana, L:San Francisco, P:California, C:US
SubjectPublicKeyAlgorithm : rsaEncryption
SubjectPublicKey : (value omitted)
HasBasicConstraint : 1
HasKeyUsage : 1
IsCa : 0
KeyUsage : 117 digitalSignature keyEncipherment keyAgreement keyCertSign cRLSign
ExtendedKeyUsage : TLS Web Server Authentication, OCSP Signing,
CDPUrl : http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=ca
OCSPUrl : http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
Status : active
Installed : 1
```
Variable Definitions
The following table defines parameters for the show certificate command.
Variable | Value |
---|---|
cert-type default-tls-certificate | Displays the default TLS certificate (self-signed). |
cert-type online-ca-cert | Specifies the Certificate Authority's certificate obtained online from the Certificate Authority. |
cert-type online-subject-cert | Specifies the subject certificate obtained online from the Certificate Authority. |
cert-type offline-ca-cert | Specifies the Certificate Authority's certificate obtained offline from the Certificate Authority. |
cert-type offline-subject-cert | Specifies the subject certificate obtained offline from the Certificate Authority. |
cert-type intermediate-ca-cert [WORD<1-80>] | Specifies the intermediate certificate obtained offline from the Certificate Authority. |
cert-type root-ca-cert [WORD<1-80>] | Specifies the root certificate obtained offline from the Root Certificate Authority. |
ca [WORD<1-45>] | Specifies the name of the Certificate Authority. If the name is not specified, the command displays the CA details of all configured CAs. |
Job aid
This section describes the fields in the output for the different show certificate commands.
The following table describes the fields in the output for the show certificate cert-type command:

Parameter | Description |
---|---|
Certificate Type | Indicates the type of certificate. |
VersionNumber | Indicates the certificate version number for the subject as issued by the Certificate Authority. |
SerialNumber | Indicates the certificate serial number for the subject as issued by the Certificate Authority. |
IssuerName | Indicates the certificate issuer name for the subject as issued by the Certificate Authority. |
ValidityPeriodNotBefore | Indicates the certificate validation period start date for the subject as issued by the Certificate Authority. |
ValidityPeriodNotAfter | Indicates the certificate validation period last date for the subject as issued by the Certificate Authority. |
CertificateSignatureAlgorithm | Indicates the algorithm used for the issuer's signature on the certificate for the subject as issued by the Certificate Authority. |
CertificateSignature | Indicates the issuer's signature on the certificate for the subject as issued by the Certificate Authority. |
Subject | Indicates the details of the subject on its certificate as issued by the Certificate Authority. |
SubjectPublicKeyAlgorithm | Indicates the algorithm used to generate the subject's public key for the certificate issued by the Certificate Authority. |
SubjectPublicKey | Indicates the public key of the subject used for the Certificate Signing Request. |
HasBasicConstraint | Indicates whether the certificate contains the basic certificate constraint. |
HasKeyUsage | Indicates whether the certificate contains the basic key usage constraint. |
IsCa | Indicates whether the certificate is a CA certificate. |
KeyUsage | Indicates the purpose of the key used in the certificate. It is represented in the form of bits as follows: |
ExtendedKeyUsage | Indicates the purpose for which the key is used in addition to or in place of the basic purposes indicated in the key-usage field of the certificate. |
CDPUrl | Indicates the CDP URL present in the Digital Certificate Extensions field. |
OCSPUrl | Indicates the OCSP URL present in the Digital Certificate AIA field. |
Status | Indicates the certificate status. |
Installed | Indicates whether the certificate is installed. |
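
The following Python sketch is an added example, not part of the original documentation or the switch software. It decodes the decimal KeyUsage value and audits one `show certificate cert-type` entry against its IsCa, validity, and revocation-URL fields. The bit weights are inferred from the sample outputs on this page, and the MM/DD/YY date format and the function names are assumptions.

```python
from datetime import datetime

# Bit weights inferred from this page's sample outputs (103, 119, 15, 117); they
# match the X.509 keyUsage bit order. The device's own bit table is not shown here.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"]

# Excerpt of the online-subject-cert output shown earlier on this page.
SAMPLE = """\
Certificate Type : Online Subject Certificate
SerialNumber : 18684a25b80768f9
ValidityPeriodNotAfter : 10/26/18 12:37:22
IsCa : 0
KeyUsage : 117 digitalSignature keyEncipherment keyAgreement keyCertSign cRLSign
CDPUrl : http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=ca
OCSPUrl : http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
"""

def decode_key_usage(value):
    """Return the usage names whose bit is set in a decimal KeyUsage value."""
    return [name for bit, name in enumerate(KEY_USAGE_BITS) if value & (1 << bit)]

def parse_entry(text):
    """Parse the 'Field : value' lines of one table entry into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" :")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(fields, now):
    """Return findings for one parsed entry; 'now' is the evaluation time."""
    findings = []
    usages = decode_key_usage(int(fields["KeyUsage"].split()[0]))
    is_ca = fields.get("IsCa") == "1"
    if not is_ca and {"keyCertSign", "cRLSign"} & set(usages):
        findings.append("non-CA certificate asserts CA signing usages")
    if is_ca and "keyCertSign" not in usages:
        findings.append("CA certificate lacks keyCertSign")
    # Dates in the samples read as MM/DD/YY HH:MM:SS (assumed from 10/26/18).
    not_after = datetime.strptime(fields["ValidityPeriodNotAfter"], "%m/%d/%y %H:%M:%S")
    if not_after < now:
        findings.append("expired on " + not_after.strftime("%Y-%m-%d"))
    if not fields.get("CDPUrl") and not fields.get("OCSPUrl"):
        findings.append("no CDP or OCSP URL for revocation checking")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_entry(SAMPLE), datetime(2017, 1, 1)):
        print(finding)
```

Run against the sample entry, the audit reports that a certificate with IsCa 0 still carries keyCertSign and cRLSign, which RFC 5280 does not permit for a non-CA certificate.
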
The following table describes the fields in the output for the show certificate ca command:

Parameter | Description |
---|---|
Name | Indicates the user-defined name referring to the Certificate Authority issuing the Digital Certificate. |
CommonName | Indicates the Common Name of the Certificate Authority issuing the Digital Certificate. |
KeyName | Indicates the generated key pair that was first associated with the CA trustpoint. |
CaUrl | Indicates the URL of the Certificate Authority issuing the Digital Certificate. |
UsePost | Indicates if the HTTP request type is URL or POST. TRUE indicates EJBCA and FALSE indicates Win2012 CA. |
SubjectCertValidityDays | Indicates the number of days for which the subject certificate is valid. |
Action | Indicates the various actions that a Certificate Authority can take. |
LastActionStatus | Indicates the status of the last action. |
LastActionFailureReason | Indicates the reason for failure of the last action performed by the Certificate Authority. |
The following table describes the fields in the output for the show certificate key-name command:

Parameter | Description |
---|---|
Key Name | Indicates the name of the key-pair generated for the subject. It is an auto-generated entity, generated as the combination of key-type and key-size. |
Public Key Value | Indicates the public key of the subject used for the Certificate Signing Request. |
The following table describes the fields in the output for the show certificate subject command:

Parameter | Description |
---|---|
CommonName | Indicates the Common Name field of the subject sending the Certificate Signing Request (CSR) to the Certificate Authority. |
EmailAddress | Indicates the email address of the subject sending the CSR to the Certificate Authority. |
OrganizationalUnit | Indicates the Organizational Unit field of the subject sending the CSR to the Certificate Authority. |
Organization | Indicates the Organization of the subject sending the CSR to the Certificate Authority. |
Locality | Indicates the name of the Locality of the subject sending the CSR to the Certificate Authority. |
Province | Indicates the Province name of the subject sending the CSR to the Certificate Authority. |
Country | Indicates the name of the country of the subject sending the CSR to the Certificate Authority. |