show certificate cert-type

Display the digital certificate for given certificate type or lists all the certificate details from the local store for given certificate type.

Syntax

show certificate cert-type default-tls-certificate
show certificate cert-type intermediate-ca-cert WORD<1-80>
show certificate cert-type offline-ca-cert
show certificate cert-type offline-subject-cert
show certificate cert-type online-ca-cert
show certificate cert-type online-subject-cert
show certificate cert-type root-ca-cert WORD<1-80>

Command Parameters

default-tls-certificate: Displays the default TLS certificate (self-signed).
intermediate-ca-cert WORD<1-80>: Specifies the intermediate certificate obtained offline from Certificate Authority.
offline-ca-cert: Specifies Certificate Authority certificate obtained offline from Certificate Authority
offline-subject-cert: Specifies subject certificate obtained offline from Certificate Authority.
online-ca-cert: Specifies Certificate Authority Certificate obtained online from Certificate Authority.
online-subject-cert: Specifies subject certificate obtained online from Certificate Authority.
root-ca-cert WORD<1-80>: Specifies root certificate obtained offline from Root Certificate Authority.

Default

None

Command Mode

User EXEC

Command Output

The show certificate cert-type command displays the following information:


Output field	Description
Certificate Type	Indicates the type of certificate. Self-signed certificate Root Certificate Offline subject certificate Online subject certificate Intermediate CA certificate Offline CA certificate Online CA certificate
VersionNumber	Indicates the certificate version number for the subject as issued by the Certificate Authority.
SerialNumber	Indicates the certificate serial number for the subject as issued by the Certificate Authority.
IssuerName	Indicates the certificate issuer name for the subject as issued by the Certificate Authority.
ValidityPeriodNotBefore	Indicates the certificate validation period start date for the subject as issued by the Certificate Authority.
ValidityPeriodNotAfter	Indicates the certificate validation period last date for the subject as issued by the Certificate Authority.
CertificateSignatureAlgorithm	Indicates the algorithm used for the issuer's signature on the certificate for the subject as issued by the Certificate Authority.
CertificateSignature	Indicates the issuer's signature on the certificate for the subject as issued by the Certificate Authority.
Subject	Indicates the details of the subject on its certificate as issued by Certificate Authority.
SubjectPublicKeyAlgorithm	Indicates the algorithm used to generate the subject's public key for the certificate issued by the Certificate Authority.
SubjectPublicKey	Indicates the public key of the subject used for Certificate Signing Request.
HasBasicConstraint	Indicates whether certificate contains basic certificate constraint.
HasKeyUsage	Indicates whether certificate contains basic key usage constraint.
IsCa	Indicates if the certificate is a CA certificate or not.
KeyUsage	Indicates the purpose of the key used in the certificate. It is represented in the form of bits as follows: bit 0 - digitalSignature bit 1 - nonRepudiation bit 2 - keyEncipherment bit 3 - dataEncipherment bit 4 - keyAgreement bit 5 - keyCertSign bit 6 - cRLSign bit 7 - encipherOnly bit 8 - decipherOnly
ExtendedKeyUsage	Indicates the purpose for which the key is used in addition to or in place of the basic purposes indicated in the key-usage field of the certificate.
CDPUrl	Indicates the CDP URL present in the Digital Certificate Extensions field.
OCSPUrl	Indicates the OCSP URL present in the Digital Certificate AIA field.
Status	Indicates the certificate status.
Installed	Indicates if the certificate is installed.

Example

The following example displays the offline subject certificate:

Switch:1>show certificate cert-type offline-subject-cert
CERT table entry
Certificate Type                :   Offline Subject Certificate
VersionNumber                   :   X.509 v3
SerialNumber                    :   5de44b25394462b8
IssuerName                      :   CN:subCa1, EM:, OU:, O:, L:, P:, C:
ValidityPeriodNotBefore         :   07/05/2021 12:24:45
ValidityPeriodNotAfter          :   07/05/2022 12:24:45
CertificateSignatureAlgorithm   :   sha256withRSAEncryption
CertificateSignature            :   34f5037b30b0332e15f504316be86afcc41ad0b93699bc8de1b5cbe97a8cc834593837032ab492e0c5eee9a1fe8db
99e8ea7aeb41fdce86818e0c08b1ed9e79a43247383e88fd3ef504a28b1ee525be60cba78291be16f57fb5417433ec9dce601c9b4e77986c5db9430ce6cece48b
3dc143d042614404bdc3c2df16f68bb1b0609e593636a2806b285cb8fa7e470b442b50e4d3c4a663ac99d5d3b429a9b4966ea5ce16da6b7d7c5607832cc6acaea
e578419ba52e11cbe30d2cbb53a05de58e374657fc5983a92c699ba6896160c9f32e6625bd6f71003259773e71d7c89df3ddc0a8603c1a8c8f6e248002f2bd217
1a6e922abf2e8134b311d1897319bbb7
Subject                         :   CN:s15, EM:demo, OU:demo, O:demo, L:demo, P:demo, C:RO
SubjectPublicKeyAlgorithm       :   rsaEncryption
SubjectPublicKey                :   00000000000000020000000100000000300d06092a864886f70d0101010500000000000000010d020000000003010
00100000100c150b1851644aaaef08060f3b3a7a0618758b84184867ffd80b3e02ec30676171fe36e99f5450656fc6e6db672b6239f760c97c3e49639cea5d503
c0e478bf7a4d213d5698d09d63622ccb279addbaa34135c81d70660489b55b6babca594f17d8ed250cf917325df0f73a10896157e6e3a24a584bc713b2e6493d0
59c8efd53bbbf5db0aa95b43c1668ba1053d0fe0e5c44dc889bd35bf11730e5827cb2068048ab97e9f0757514f47332337376eed83a7cb95a53462639f5a47f02
6b0172cfa3ddffee7269e737a32d8f2e5590a9ee07d3f329af4e4f2a73ed9de599916bc25e6ac51e482cbbb71f736ec0e396fc314e5eed3c438efff68d1a31bdb
ed24d55
HasBasicConstraint              :   1
HasKeyUsage                     :   1
IsCa                            :   0
KeyUsage                        :   15 digitalSignature  nonRepudiation  keyEncipherment  dataEncipherment
ExtendedKeyUsage                :   TLS Web Client Authentication, OCSP Signing, TLS Web Server Authentication,
CDPUrl                          :   http://192.51.100.9:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=subCa1
OCSPUrl                         :   http://192.51.100.9:8080/ejbca/publicweb/status/ocsp

Revocation Status               :   unknown
Status                          :   offline-certificate
Installed                       :   1

CertificateFileName             :   self_cert_s15.der