I have an OpenSSL certificate in .cer format, most probably generated with the openssl ecparam command and having one of the ciphers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_DH_RSA_WITH_AES_256_GCM_SHA384 or TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, because only these three ciphers are listed in my server.

How can I identify, using the openssl command, which curve is being used in my certificate?

You can use the openssl x509 command with -text output. The curve name is part of the subject public key info.

$ openssl x509 -in stackoverflow-com.cer -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:0f:a0:c7:81:0b:66:11:f4:69:fd:c8:ce:2e:2b:a6:43:7d
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E6
        Validity
            Not Before: Sep 6 18:59:06 2024 GMT
            Not After : Dec 5 18:59:05 2024 GMT
        Subject: CN=stackoverflow.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:1b:87:f7:7e:8a:18:f6:1e:15:18:31:b1:d3:9a:
                    f3:11:06:0d:51:3c:d7:25:ab:5c:d5:79:dd:51:97:
                    2a:11:a6:f8:4d:5a:84:08:a1:dc:27:a3:59:ce:31:
                    e0:b8:b6:aa:79:5a:f9:06:11:75:e4:f1:3c:13:3b:
                    5f:ac:99:29:b1
                ASN1 OID: prime256v1
                NIST CURVE: P-256 <<<---- curve name
[...]
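
The same lookup as a script, added here as an example that is not part of the original answer: it reads the `ASN1 OID` line from the `-text` output, accepts PEM or DER input, and reports certificates that have no named curve. The function names and the `example.test` subject are assumptions, and the sample certificates are constructed locally.

```bash
#!/usr/bin/env bash
# Added example; cert_curve and make_sample_certs are hypothetical helper names.

# cert_curve FILE -> prints the named curve of the certificate's public key.
cert_curve() {
    local file=$1 text curve
    # .cer files may be PEM or DER, so try both encodings.
    text=$(openssl x509 -in "$file" -inform PEM -noout -text 2>/dev/null) ||
    text=$(openssl x509 -in "$file" -inform DER -noout -text 2>/dev/null) ||
        { echo "unreadable"; return 2; }
    # Non-EC keys (RSA, Ed25519, ...) have no curve line at all.
    if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: id-ecPublicKey'; then
        echo "not-ec"; return 1
    fi
    # Named curves show up as "ASN1 OID: <name>" under Subject Public Key Info.
    curve=$(printf '%s\n' "$text" | awk -F': ' '/ASN1 OID:/ {print $2; exit}')
    # EC keys encoded with explicit parameters carry no OID to report.
    if [ -z "$curve" ]; then echo "explicit-parameters"; return 1; fi
    echo "$curve"
}

# Constructed sample data: short-lived self-signed certificates written to DIR.
make_sample_certs() {
    local dir=$1 c
    for c in prime256v1 secp384r1; do
        openssl ecparam -name "$c" -genkey -noout -out "$dir/$c.key" 2>/dev/null
        openssl req -x509 -new -key "$dir/$c.key" -subj "/CN=example.test" \
            -days 1 -out "$dir/$c.pem" 2>/dev/null
    done
    # DER copy of the P-256 certificate, as many .cer files are DER encoded.
    openssl x509 -in "$dir/prime256v1.pem" -outform DER -out "$dir/prime256v1.cer"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/rsa.key" \
        -subj "/CN=example.test" -days 1 -out "$dir/rsa.pem" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_certs "$tmp"
for f in prime256v1.pem prime256v1.cer secp384r1.pem rsa.pem; do
    printf '%-16s %s\n' "$f" "$(cert_curve "$tmp/$f")"
done
```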