View the Certificate Details

About this task

Use this procedure for the following tasks:
  • Displaying the digital certificate for a given certificate type, or listing all the certificate details from the local store for that certificate type.

  • Displaying the CA details for a given trustpoint CA name, or listing all the CA details from the local store if the CA name is not specified.

  • Displaying the configured key details for a given key name.

  • Displaying the configured subject details.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. Display the digital certificate for a given certificate type:

    show certificate cert-type [[default-tls-certificate] | [online-ca-cert] | [online-subject-cert] | [offline-ca-cert] | [offline-subject-cert] | [intermediate-ca-cert WORD<1-80>] | [root-ca-cert WORD<1-80>]]

  3. Display the certificate authority details:

    show certificate ca [WORD<1-45>]

  4. Display the name and public key of all the key-pairs:

    show certificate key-name

  5. Display the details of the configured subject:

    show certificate subject

Examples

Display the CA certificate details:

Switch:1>enable
Switch:1>show certificate ca
CA table entry
Name                      :   caica2
CommonName                :   caica2
KeyName                   :   rsa_2048
CaUrl                     :   http://192.51.100.9:8080/ejbca/publicweb/apply/scep/test/pkiclient.exe
UsePost                   :   0
SubjectCertValidityDays   :   365
Action                    :   no-op
LastActionStatus          :   success
LastActionFailureReason   :
CA-Auth Sha256Fingerprint :

Display the name and public key of all the key-pairs:

Switch:1>show certificate key-name

Key Name: rsa_2048
Public Key Value: 00000000000000010000000102000000000301000100000100bcb8339f794b7ce8a90a7f3a238f07e176a48337512173153ba5f6a2b33700db07957c4a1a7e6adb918ed046c2235e074fff4fcf15aa2e66c670ad14cee5d88a9023d666798943d58ab793578438291532a700037d9b5cf97ce1321c63e16462bbb7c0f8fafa1e386d651caf6b6a8b4e707d1f7c247900d21f711acf1eba9e293aff7de0dbc30b9733d26179827676044ea04b77412142dc6cd8fe9fc4ebc5173a6d7c82cbf52090046efec0efb0356282208c94b5b954c9fca38d3e39e0778474cb423a1c8d9feb4e64a1600a43d7d7d7b1db48dfa7b536772855b081c8d63aecd3f94832fa558565b8e9bf1f1b67121aa7d4a381ff2c3dde78d65c271b83a9

Display the details of the configured subject:

Switch:1>show certificate subject
Common Name         : tlsenduser1
Email Address       : tlsenduser1@mocana.com
Organizational Unit : Engineering
Organization        : Mocana
Locality            : San Francisco
Province            : California
Country             : US

Display the Root CA certificate:

Switch:1>show certificate cert-type root-ca-cert 

CERT STORE table entry
Certificate Type                :   Root CA Certificate
CommonName                      :   ca
VersionNumber                   :   X.509 v3
SerialNumber                    :   3f418444a5b29cbd
IssuerName                      :   CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   10/26/16 12:37:22
ValidityPeriodNotAfter          :   10/26/18 12:37:22
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   856f7e66ce1bcbc3853dc22f969aff9bbb357d8d4e34274098e7c3c0b78cf0aba04b6d64ec22b4bee122243342283348fb011edd25b44bf7b77d6cfb10eb662d97fafe6ce727622dfc205358513ceaef2a04bc1d46b1372092ae34c222a69237388f62c1efd8d0386102a69aa495a3070994620f2896c157c273185e8b6cc405083973b38418d7efd9c992905df6e160c4bf3b916ec046c5291f9b2f280a178d5ac14ca6ee4ffc47059e522bbdafcc5560c55612fbe3f6bcca603cec1ba0f24202ef6120c0f31259f6b5a80726ddf7f8b72359eac638b4a6289096db0cdc23839d75ebe79dd3b5b7a365d1534a48f349dd3139d1e05e225711f07631ef5a2fbc
Subject                         :   CN:ca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000010000000102000000000301000100000100a0457dd22f1ff11a2c4f01f5fedcda5b26d88a167f056b2c915e690b3a2c1e30373a8e14e5f23586aaa9e68544bf8b5931f0dff6057936c3e8f48d2430ce9bdf2c00d30da314f4d3a88d7e112593429005b7095f8e4aec18fda5d1697d35882eab98796ae0fe20994edc5a5b1379521a65d9e168e6bfe6d842139a294c94aac122e51d7a5438ad8bf00f5098857a557a4f69f4b21bd08c9213d3458a7fb7c644c7fcb4806fb4f683941f7701cb131ffc2444aac314be88fb717c135bc7416390de4925d833e889362caefbaf1079656206acc5cfe424edc30e2cd7853223c505e3fefd28cc35c94c14742a912baee7f4197f680a91b69d496ea67b87cbd0c399
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   1
KeyUsage                        :   103 digitalSignature  nonRepudiation  keyEncipherment  keyCertSign  cRLSign 
ExtendedKeyUsage                :   TLS Web Server Authentication, OCSP Signing, 
CDPUrl                          :   
OCSPUrl                         :   http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
CertificateFileName             :   /intflash/.cert/.rootCACertStore/root_ca_cert_ca.der

Display the Intermediate CA certificate:

Switch:1> show certificate cert-type intermediate-ca-cert

CERT STORE table entry
Certificate Type                :   Intermediate CA Certificate
CommonName                      :   newsubca
VersionNumber                   :   X.509 v3
SerialNumber                    :   59f0b1a73c93b194
IssuerName                      :   CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   10/27/16 09:49:59
ValidityPeriodNotAfter          :   10/26/18 12:37:22
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   65c2bed6f0333d6bbc5aea24d682061cfebefeb4bea8f74b3687cb72d700aabcf38af039dbff1e3d818627c5a27bfb4310c5fdd8db7eaea7bfb06275bc86f1e479ed0ca5ec7a828b44f862e294ea4bd39a3a38b2ec5c87f2fb5baf98a856f380d9ec9f022ba5b05c328556233b7dc5d1359edc08966a194311eb76965ce509439a224c5c0004688cfdf154a855a80fd385538e00f5644792f9e496def7e293b2a20a60c782cc9bfcddc448e15024a0a49caa2bbefc82fa71cbda495915910a4363e5d7d95303d44a14e95932b1797ecc252e7ffa4d7cb8d270c693cebbf3e632f1accbe6920460496d1f873d35b92c5430cb870d84d61d0556eea94a003e6785
Subject                         :   CN:newsubca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000010000000102000000000301000100000100a0457dd22f1ff11a2c4f01f5fedcda5b26d88a167f056b2c915e690b3a2c1e30373a8e14e5f23586aaa9e68544bf8b5931f0dff6057936c3e8f48d2430ce9bdf2c00d30da314f4d3a88d7e112593429005b7095f8e4aec18fda5d1697d35882eab98796ae0fe20994edc5a5b1379521a65d9e168e6bfe6d842139a294c94aac122e51d7a5438ad8bf00f5098857a557a4f69f4b21bd08c9213d3458a7fb7c644c7fcb4806fb4f683941f7701cb131ffc2444aac314be88fb717c135bc7416390de4925d833e889362caefbaf1079656206acc5cfe424edc30e2cd7853223c505e3fefd28cc35c94c14742a912baee7f4197f680a91b69d496ea67b87cbd0c399
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   1
KeyUsage                        :   119 digitalSignature  nonRepudiation  keyEncipherment  keyAgreement  keyCertSign  cRLSign 
ExtendedKeyUsage                :   TLS Web Server Authentication, OCSP Signing, 
CDPUrl                          :   http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=ca
OCSPUrl                         :   
CertificateFileName             :   /intflash/.cert/.caCertStore/ca_cert_newsubca.der

Display the offline CA certificate:

Switch:1>show certificate cert-type offline-ca-cert      

CERT table entry
Certificate Type                :   Offline CA Certificate
VersionNumber                   :   X.509 v3
SerialNumber                    :   59f0b1a73c93b194
IssuerName                      :   CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   10/27/16 09:49:59
ValidityPeriodNotAfter          :   10/26/18 12:37:22
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   65c2bed6f0333d6bbc5aea24d682061cfebefeb4bea8f74b3687cb72d700aabcf38af039dbff1e3d818627c5a27bfb4310c5fdd8db7eaea7bfb06275bc86f1e479ed0ca5ec7a828b44f862e294ea4bd39a3a38b2ec5c87f2fb5baf98a856f380d9ec9f022ba5b05c328556233b7dc5d1359edc08966a194311eb76965ce509439a224c5c0004688cfdf154a855a80fd385538e00f5644792f9e496def7e293b2a20a60c782cc9bfcddc448e15024a0a49caa2bbefc82fa71cbda495915910a4363e5d7d95303d44a14e95932b1797ecc252e7ffa4d7cb8d270c693cebbf3e632f1accbe6920460496d1f873d35b92c5430cb870d84d61d0556eea94a003e6785
Subject                         :   CN:newsubca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000010000000102000000000301000100000100a0457dd22f1ff11a2c4f01f5fedcda5b26d88a167f056b2c915e690b3a2c1e30373a8e14e5f23586aaa9e68544bf8b5931f0dff6057936c3e8f48d2430ce9bdf2c00d30da314f4d3a88d7e112593429005b7095f8e4aec18fda5d1697d35882eab98796ae0fe20994edc5a5b1379521a65d9e168e6bfe6d842139a294c94aac122e51d7a5438ad8bf00f5098857a557a4f69f4b21bd08c9213d3458a7fb7c644c7fcb4806fb4f683941f7701cb131ffc2444aac314be88fb717c135bc7416390de4925d833e889362caefbaf1079656206acc5cfe424edc30e2cd7853223c505e3fefd28cc35c94c14742a912baee7f4197f680a91b69d496ea67b87cbd0c399
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   1
KeyUsage                        :   119 digitalSignature  nonRepudiation  keyEncipherment  keyAgreement  keyCertSign  cRLSign 
ExtendedKeyUsage                :   TLS Web Server Authentication, OCSP Signing, 
CDPUrl                          :   http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=ca

Display the offline subject certificate:

Switch:1>show certificate cert-type offline-subject-cert  
CERT table entry
Certificate Type                :   Offline Subject Certificate
VersionNumber                   :   X.509 v3
SerialNumber                    :   33f18af2c9ef62f5
IssuerName                      :   CN:newsubca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   11/03/16 11:40:28
ValidityPeriodNotAfter          :   10/26/18 12:37:22
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   2fd70da6d5a8f272f0f1cfc237eccb419eabd3c2fc8ca3c147c8f4b04efe2ecd8060f83f1ce420c37285e8a4a704249983e5b4545a9d0e7e684a03502d0d180ced5d2dd6747c8ab0f58b6f46ac56c6ff696dad6a93bd2c6249b32e74070499f6f94b0814ae7c14f1893ab1f2ce764340007eb06338bba5935ac5729e20e680c593f77dfa9aac96ea5ec1a884e28db4e68bfbea116beffdb91cb09ab9fc6ac2aaee0064a2ef241412b6ebe21564623b28eaba14ff7f2a07691c7703c50bc63b25dd18d21f0f08e63a33ca75cd49cfe93a9b6ff540d439008ac8e83a2393e94bf4b2e5fa1c3e3d8df1df538651f4936f9db117fd6adf0960eaf116a92c5bff7c06
Subject                         :   CN:newsub1, EM:test@mocana.com, OU:Engineering, O:Mocana, L:San Francisco, P:California, C:US
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000010000000102000000000301000100000100d35e399359ee6c24837a0394dff783c039bf4c6fe02000e31fecfa0a67b36fd390b3a1c29229af4ed24972186fc4991655479db597967b3bdda95c00bd1c07ca660ccf80aca1bccbe8cbe2db31a5cd5868433eb9ac85ab7b54438c4e0b2da260a13eef4900929514ee8bee184df40f11c0c766a0e6ca89424f2f3753039e8e20e3809d20fa59d319ccaecee4a32a4ab1da9bf7f566241dd76c11eb762ad320dafbcba73e658d0faa5ea1caf75f1e4889038a58b3e48e9e541bcb4f818eb9b3e84a57bc6714e789067226953d740c6ef38d67d5ec891598f62248a337a1176bd3edef8adec606bbae9781b88d32c8867629ddbc9f532338cf4ca53918dd98c609
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   0
KeyUsage                        :   15 digitalSignature  nonRepudiation  keyEncipherment  dataEncipherment 
ExtendedKeyUsage                :   TLS Web Server Authentication, OCSP Signing, 
CDPUrl                          :   http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=newsubca
OCSPUrl                         :   http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
Status                          :   offline-certificate
Installed                       :   1

Display the online CA certificate:

Switch:1>show certificate cert-type online-ca-cert 

CERT table entry
Certificate Type                :   Online CA Certificate
VersionNumber                   :   X.509 v3
SerialNumber                    :   59f0b1a73c93b194
IssuerName                      :   CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   10/27/16 09:49:59
ValidityPeriodNotAfter          :   10/26/18 12:37:22
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   65c2bed6f0333d6bbc5aea24d682061cfebefeb4bea8f74b3687cb72d700aabcf38af039dbff1e3d818627c5a27bfb4310c5fdd8db7eaea7bfb06275bc86f1e479ed0ca5ec7a828b44f862e294ea4bd39a3a38b2ec5c87f2fb5baf98a856f380d9ec9f022ba5b05c328556233b7dc5d1359edc08966a194311eb76965ce509439a224c5c0004688cfdf154a855a80fd385538e00f5644792f9e496def7e293b2a20a60c782cc9bfcddc448e15024a0a49caa2bbefc82fa71cbda495915910a4363e5d7d95303d44a14e95932b1797ecc252e7ffa4d7cb8d270c693cebbf3e632f1accbe6920460496d1f873d35b92c5430cb870d84d61d0556eea94a003e6785
Subject                         :   CN:newsubca, EM:, OU:, O:, L:, P:, C:
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000010000000102000000000301000100000100a0457dd22f1ff11a2c4f01f5fedcda5b26d88a167f056b2c915e690b3a2c1e30373a8e14e5f23586aaa9e68544bf8b5931f0dff6057936c3e8f48d2430ce9bdf2c00d30da314f4d3a88d7e112593429005b7095f8e4aec18fda5d1697d35882eab98796ae0fe20994edc5a5b1379521a65d9e168e6bfe6d842139a294c94aac122e51d7a5438ad8bf00f5098857a557a4f69f4b21bd08c9213d3458a7fb7c644c7fcb4806fb4f683941f7701cb131ffc2444aac314be88fb717c135bc7416390de4925d833e889362caefbaf1079656206acc5cfe424edc30e2cd7853223c505e3fefd28cc35c94c14742a912baee7f4197f680a91b69d496ea67b87cbd0c399
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   1
KeyUsage                        :   119 digitalSignature  nonRepudiation  keyEncipherment  keyAgreement  keyCertSign  cRLSign 
ExtendedKeyUsage                :   TLS Web Server Authentication, OCSP Signing, 
CDPUrl                          :   http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=ca
OCSPUrl                         :   

Display the online subject certificate:

Switch:1>show certificate cert-type online-subject-cert 

CERT table entry
Certificate Type                :   Online Subject Certificate
VersionNumber                   :   X.509 v3
SerialNumber                    :   18684a25b80768f9
IssuerName                      :   CN:ca, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   11/07/16 12:36:43
ValidityPeriodNotAfter          :   10/26/18 12:37:22
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   6efc5c0fe4f054e9800b029a08b4d2b2f205692379a74818c6c57baba49a2efce1f622397d3b31aa81d55e2fb222610116e975900887d0e80d48718e080413c8d661a73503481a810f1559c97335a16bb53d1b08024fa6d568b156788670cf9d5cb34bdb10b1a8eb936869d4a2d2eeb96241865d685b018d0e094fea7b5a28f3e8d03c15e1bafe2ba7ce18aaaddc22b6928e597756067758412d283c187123fbedf55c252fabd22ee85cbe558aed6070db3aa8db117f923d6509d543895c7510843c77b2b438de10e8bea2b76375e27641a6e6aaffd2003b58802a5c3d1b91e5f5f2d5a68fea4a82c95745b954cc93924aa451458db1707594c871d14511e6cd
Subject                         :   CN:192.51.100.9, EM:test@mocana.com, OU:Engineering, O:Mocana, L:San Francisco, P:California, C:US
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000010000000102000000000301000100000100928124a0e780954494d384b15276bb6fc6b9a88bb200bae0f7e8b9ce5fbea7387eff897e571362028b4678a491cbc9e74a2f985807c8ca48c5300cd17f349d98055f1a6868cd24956efa80ffd9013ce448ab58f31ce6fa0aae1faf9b6b2347d046af754cac7deb75c55eea7c582824d3f4fff9632d7044b532657777824105c1fd62584276be63c940effe5e307de1fe38fc50727cfdb6799f3575e13451901ee16dbfcf7d18b6a78574f7230a90021b5b977571358871925239725044604e74edc4ee236243682bdb30541cc8369580177179c92bec6891473827dcecb3046cadd78530a3b7cb3aad5126a95daaae919f9355a232ad1611b897ac22a08b7ff7
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   0
KeyUsage                        :   117 digitalSignature  keyEncipherment  keyAgreement  keyCertSign  cRLSign 
ExtendedKeyUsage                :   TLS Web Server Authentication, OCSP Signing, 
CDPUrl                          :   http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl=&=CN=ca
OCSPUrl                         :   http://192.51.100.9:8080/ejbca/publicweb/status/ocsp
Status                          :   active
Installed                       :   1
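
The following Python script is an added example, not part of the original documentation or the vendor's tooling. It parses captured show certificate cert-type output and reports certificates that are outside their validity period or that carry keyCertSign while IsCa is 0, as the online subject certificate sample above does. The KeyUsage bit values are inferred from the numbers in the sample outputs on this page (103, 119, 15, 117), and the MM/DD/YY date format and the use of device-local time are assumptions.

```python
import re
from datetime import datetime

# Bit values inferred from the sample outputs on this page (103, 119, 15, 117);
# not taken from vendor documentation.
KEY_USAGE_BITS = {1: "digitalSignature", 2: "nonRepudiation", 4: "keyEncipherment",
                  8: "dataEncipherment", 16: "keyAgreement", 32: "keyCertSign",
                  64: "cRLSign"}
DATE_FMT = "%m/%d/%y %H:%M:%S"  # assumed MM/DD/YY, as the samples imply

# Constructed sample: selected fields of the online subject certificate shown
# above, with the long hex fields left out.
SAMPLE = """\
Switch:1>show certificate cert-type online-subject-cert

CERT table entry
Certificate Type                :   Online Subject Certificate
SerialNumber                    :   18684a25b80768f9
ValidityPeriodNotBefore         :   11/07/16 12:36:43
ValidityPeriodNotAfter          :   10/26/18 12:37:22
IsCa                            :   0
KeyUsage                        :   117 digitalSignature  keyEncipherment  keyAgreement  keyCertSign  cRLSign
"""


def parse_entries(text):
    """Return one dict per 'CERT table entry' / 'CERT STORE table entry' block."""
    entries = []
    for line in text.splitlines():
        if re.fullmatch(r"CERT( STORE)? table entry", line.strip()):
            entries.append({})
        elif entries and ":" in line:
            key, _, value = line.partition(":")  # values may contain colons
            entries[-1][key.strip()] = value.strip()
    return entries


def decode_key_usage(field):
    """Decode the leading integer of the KeyUsage field into usage names."""
    mask = int(field.split()[0])
    return [name for bit, name in KEY_USAGE_BITS.items() if mask & bit]


def audit(entry, now):
    """Return findings for one entry; 'now' is a naive datetime in device time."""
    findings = []
    if now < datetime.strptime(entry["ValidityPeriodNotBefore"], DATE_FMT):
        findings.append("not yet valid")
    if now > datetime.strptime(entry["ValidityPeriodNotAfter"], DATE_FMT):
        findings.append("expired")
    if entry["IsCa"] == "0" and "keyCertSign" in decode_key_usage(entry["KeyUsage"]):
        findings.append("keyCertSign set on a non-CA certificate")
    return findings


if __name__ == "__main__":
    for cert in parse_entries(SAMPLE):
        print(cert["SerialNumber"], audit(cert, datetime.now()))
```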

Variable Definitions

The following table defines parameters for the show certificate command.

Variable                                      Value
cert-type default-tls-certificate             Displays the default TLS certificate (self-signed).
cert-type online-ca-cert                      Specifies the Certificate Authority's certificate obtained online from the Certificate Authority.
cert-type online-subject-cert                 Specifies the subject certificate obtained online from the Certificate Authority.
cert-type offline-ca-cert                     Specifies the Certificate Authority's certificate obtained offline from the Certificate Authority.
cert-type offline-subject-cert                Specifies the subject certificate obtained offline from the Certificate Authority.
cert-type intermediate-ca-cert [WORD<1-80>]   Specifies the intermediate certificate obtained offline from the Certificate Authority.
cert-type root-ca-cert [WORD<1-80>]           Specifies the root certificate obtained offline from the Root Certificate Authority.
ca [WORD<1-45>]                               Specifies the name of the Certificate Authority. If the name is not specified, the command displays the CA details of all configured CAs.