The files created by PMDF-TLS are encoded binary files that do not provide any useful information without decoding. The certificate dump tool can be used to see what is inside a PMDF-TLS "PEM" file.
To run the utility, issue the OpenVMS command
$ MCR PMDF_EXE:TLS_CERTDUMP file-specor the UNIX command
# tls_certdump file-specor the NT command
C:\> tls_certdump file-specwhere
file-spec is the name of the file (a
PMDF-TLS private key or public key file) to be dumped.
For example, Example 15-1 showed generating a Certificate Request. The OpenVMS command
$ MCR PMDF_EXE:TLS_CERTDUMP SERVER-CERTREQ.PEMwould cause the following output to be displayed:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: Email=Joe.Manager@Domain.Com, CN=*.domain.com, C=US,
ST=California, L=West Covina, O=Domains R Us
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c4:58:2e:83:75:a5:91:82:f3:d5:9e:64:02:45:
e1:9e:eb:0f:b0:12:ca:89:4c:8c:10:5c:c1:df:68:
88:b4:e3:98:49:7a:b8:8c:ce:e5:eb:e4:79:4f:ea:
1b:63:22:d0:2a:fe:ff:ba:a5:f2:ac:80:7a:0a:0e:
2a:f1:f2:11:3f:fb:c7:64:cc:a7:11:da:e3:4b:a1:
20:44:49:5a:50:34:2e:50:e2:2b:01:88:2a:be:29:
17:20:2f:9f:92:0f:5d:4b:0d:3e:dd:9e:fc:f6:f1:
c6:26:94:aa:0e:0f:2c:60:5a:5b:35:49:a8:2d:a1:
27:0d:e4:27:5b:64:ea:55:9d
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
83:1d:79:40:3a:3e:9f:08:a0:d3:dc:8a:e0:3a:30:e9:4c:77:
c9:93:15:46:0a:95:40:90:d6:47:6d:ae:03:fe:ee:01:d0:73:
fb:89:89:e9:e2:50:d9:e2:3f:b7:0e:8d:ae:39:d3:b0:65:2f:
ca:38:69:8b:e5:da:c9:67:33:57:7f:8f:65:fa:f3:30:7e:f6:
00:9f:87:4f:00:62:b2:fe:c4:af:15:2e:02:ac:c8:cf:1f:95:
4e:d8:cb:b4:6e:50:07:32:e7:43:12:af:89:9a:ec:bc:c0:63:
33:88:e7:80:1a:74:66:04:0f:4f:80:02:55:92:05:87:bf:86:
86:47
While most of the data isn't useful to the casual observer, you can identify the "Subject": this refers to the site that is using the certificate; the CN value is the common name you entered during the generation of the Certificate Request. If the file being dumped is a certificate, you'll also see the "Issuer:" which is the identity of the Certificate Authority that signed the certificate request.