PMDF System Manager's Guide



15.4.1 tls_certdump, the Certificate Dump Utility

The files created by PMDF-TLS are encoded binary files that do not provide any useful information without decoding. The certificate dump tool can be used to see what is inside a PMDF-TLS "PEM" file.

To run the utility, issue the OpenVMS command

$ MCR PMDF_EXE:TLS_CERTDUMP file-spec

or the UNIX command

# /pmdf/bin/tls_certdump file-spec

or the NT command

C:\> tls_certdump file-spec

where file-spec is the name of the file (a PMDF-TLS private key or public key file) to be dumped.

For example, Example 15-1 showed generating a Certificate Request. The OpenVMS command

$ MCR PMDF_EXE:TLS_CERTDUMP SERVER-CERTREQ.PEM

would cause the following output to be displayed:


Certificate Request: 
    Data: 
        Version: 0 (0x0) 
        Subject: Email=Joe.Manager@Domain.Com, CN=*.domain.com, C=US, 
                 ST=California, L=West Covina, O=Domains R Us 
        Subject Public Key Info: 
            Public Key Algorithm: rsaEncryption 
            RSA Public Key: (1024 bit) 
                Modulus (1024 bit): 
                    00:c4:58:2e:83:75:a5:91:82:f3:d5:9e:64:02:45: 
                    e1:9e:eb:0f:b0:12:ca:89:4c:8c:10:5c:c1:df:68: 
                    88:b4:e3:98:49:7a:b8:8c:ce:e5:eb:e4:79:4f:ea: 
                    1b:63:22:d0:2a:fe:ff:ba:a5:f2:ac:80:7a:0a:0e: 
                    2a:f1:f2:11:3f:fb:c7:64:cc:a7:11:da:e3:4b:a1: 
                    20:44:49:5a:50:34:2e:50:e2:2b:01:88:2a:be:29: 
                    17:20:2f:9f:92:0f:5d:4b:0d:3e:dd:9e:fc:f6:f1: 
                    c6:26:94:aa:0e:0f:2c:60:5a:5b:35:49:a8:2d:a1: 
                    27:0d:e4:27:5b:64:ea:55:9d 
                Exponent: 65537 (0x10001) 
        Attributes: 
            a0:00 
    Signature Algorithm: md5WithRSAEncryption 
        83:1d:79:40:3a:3e:9f:08:a0:d3:dc:8a:e0:3a:30:e9:4c:77: 
        c9:93:15:46:0a:95:40:90:d6:47:6d:ae:03:fe:ee:01:d0:73: 
        fb:89:89:e9:e2:50:d9:e2:3f:b7:0e:8d:ae:39:d3:b0:65:2f: 
        ca:38:69:8b:e5:da:c9:67:33:57:7f:8f:65:fa:f3:30:7e:f6: 
        00:9f:87:4f:00:62:b2:fe:c4:af:15:2e:02:ac:c8:cf:1f:95: 
        4e:d8:cb:b4:6e:50:07:32:e7:43:12:af:89:9a:ec:bc:c0:63: 
        33:88:e7:80:1a:74:66:04:0f:4f:80:02:55:92:05:87:bf:86: 
        86:47 

While most of the data is not useful to the casual observer, you can identify the "Subject:" field, which names the site that is using the certificate; its CN value is the common name you entered during the generation of the Certificate Request. If the file being dumped is a certificate, you will also see the "Issuer:" field, which is the identity of the Certificate Authority that signed the certificate request.
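The following Python script is an added example, not part of PMDF: it reads a saved tls_certdump listing, joins the wrapped "Subject:" line, and reports the subject, issuer, key size and signature algorithm. The function names, the 2048-bit threshold and the md5/sha1 check are assumptions reflecting common current practice rather than anything stated in this guide, and the name parser assumes no attribute value contains ", ".

```python
import re

MIN_RSA_BITS = 2048  # assumption: common current minimum, not a value from the guide

# Constructed sample: the listing shown above with the hex bodies left out.
SAMPLE = """\
Certificate Request:
    Data:
        Subject: Email=Joe.Manager@Domain.Com, CN=*.domain.com, C=US,
                 ST=California, L=West Covina, O=Domains R Us
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
    Signature Algorithm: md5WithRSAEncryption
"""

def parse_name(text, label):
    """Return the "Subject" or "Issuer" name as a dict, joining wrapped lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith(label + ":"):
            value = line.split(":", 1)[1].strip()
            # A wrapped name ends its line with a comma; append the continuation.
            while value.endswith(",") and i + 1 < len(lines):
                i += 1
                value += " " + lines[i]
            pairs = (p.split("=", 1) for p in value.split(", ") if "=" in p)
            return {k.strip(): v.strip() for k, v in pairs}
    return {}

def summarize(text):
    """Pull out the fields worth checking first in a tls_certdump listing."""
    bits = re.search(r"Public Key: \((\d+) bit\)", text)
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    info = {
        "subject": parse_name(text, "Subject"),
        "issuer": parse_name(text, "Issuer"),  # empty for a certificate request
        "key_bits": int(bits.group(1)) if bits else None,
        "sig_alg": sig.group(1) if sig else None,
        "warnings": [],
    }
    if info["key_bits"] is not None and info["key_bits"] < MIN_RSA_BITS:
        info["warnings"].append("RSA key is only %d bits" % info["key_bits"])
    if info["sig_alg"] and info["sig_alg"].lower().startswith(("md5", "sha1")):
        info["warnings"].append("weak signature hash: " + info["sig_alg"])
    return info

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the request shown above, the script reports CN=*.domain.com with an empty issuer and two warnings, one for the 1024-bit key and one for md5WithRSAEncryption.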

