Amazon-ECDSA-256-M04.cer: CN=Amazon ECDSA 256 M04,O=Amazon,C=US (Intermediate Certificate, Expiring 2030-08-23) detail info and audit record

 

Page content

CA Certificate Information and Audit Record

This certificate is intermediate certificate used for the issuance of other certificates.

Download certificate through curl:

curl -sSL "https://www.amazontrust.com/repository/Amazon-ECDSA-256-M04.cer" --output cert.crt

Download certificate through wget:

wget -q "https://www.amazontrust.com/repository/Amazon-ECDSA-256-M04.cer" --output-document=cert.crt

CA Certificate Detail Information

Use openssl x509 to decode DER certificate to get detail information:

openssl x509 -in cert.crt -inform der -text -noout

Use openssl x509 to decode PEM certificate to get detail information:

openssl x509 -in cert.crt -inform pem -text -noout

Decoded detail certificate information:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:73:12:72:b7:52:ac:8a:dc:cb:0a:30:27:f7:df:ec:18:42:4a
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Amazon, CN=Amazon Root CA 3
        Validity
            Not Before: Aug 23 22:34:28 2022 GMT
            Not After : Aug 23 22:34:28 2030 GMT
        Subject: C=US, O=Amazon, CN=Amazon ECDSA 256 M04
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:83:8e:e0:bd:fc:a8:52:b7:a0:33:b4:a6:0d:e9:
                    e7:ae:28:6b:cd:d0:02:a9:87:33:b2:37:2e:cf:28:
                    b7:fe:56:07:b2:06:4d:07:3d:68:32:df:d9:76:d3:
                    36:c6:07:b0:49:a6:64:8e:6c:13:b8:e5:3f:7c:20:
                    8e:a9:e2:b1:b5
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier: 
                20:76:A0:E1:59:26:ED:45:B4:02:72:19:C2:4D:AE:77:37:B4:1B:49
            X509v3 Authority Key Identifier: 
                keyid:AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0

            Authority Information Access: 
                OCSP - URI:http://ocsp.rootca3.amazontrust.com
                CA Issuers - URI:http://crt.rootca3.amazontrust.com/rootca3.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.rootca3.amazontrust.com/rootca3.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1

    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:5c:57:06:32:e6:e5:b9:72:a5:6b:d3:0e:9e:4a:
         3d:9d:99:7c:86:f9:2e:b5:28:c1:4d:a2:93:43:b6:91:1e:97:
         02:20:26:e0:34:37:ac:02:b5:23:2d:12:a3:f2:2c:d5:61:61:
         d3:be:b1:a3:5e:ca:8d:3b:a2:da:74:51:08:1e:c0:ad

CA Certificate in PEM Format

Use openssl x509 to convert certificate from DER format to PEM format:

openssl x509 -in cert.crt -inform der

Converted PEM format certificate:

-----BEGIN CERTIFICATE-----
MIIC0jCCAnmgAwIBAgITB3MScrdSrIrcywowJ/ff7BhCSjAKBggqhkjOPQQDAjA5
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
Um9vdCBDQSAzMB4XDTIyMDgyMzIyMzQyOFoXDTMwMDgyMzIyMzQyOFowPTELMAkG
A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEdMBsGA1UEAxMUQW1hem9uIEVDRFNB
IDI1NiBNMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASDjuC9/KhSt6AztKYN
6eeuKGvN0AKphzOyNy7PKLf+VgeyBk0HPWgy39l20zbGB7BJpmSObBO45T98II6p
4rG1o4IBWjCCAVYwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQgdqDhWSbt
RbQCchnCTa53N7QbSTAfBgNVHSMEGDAWgBSrttvXBp43rDCGB5Fwx5zEGbF4wDB7
BggrBgEFBQcBAQRvMG0wLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLnJvb3RjYTMu
YW1hem9udHJ1c3QuY29tMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnJvb3RjYTMu
YW1hem9udHJ1c3QuY29tL3Jvb3RjYTMuY2VyMD8GA1UdHwQ4MDYwNKAyoDCGLmh0
dHA6Ly9jcmwucm9vdGNhMy5hbWF6b250cnVzdC5jb20vcm9vdGNhMy5jcmwwEwYD
VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgXFcGMubluXKla9MO
nko9nZl8hvkutSjBTaKTQ7aRHpcCICbgNDesArUjLRKj8izVYWHTvrGjXsqNO6La
dFEIHsCt
-----END CERTIFICATE-----

Decode PEM Certificate online

Download PEM Certificate

Also see Top 1 Millions Domains CA Certificate List


Page version: e13a7e3f2 2023-05-06