I'm confronting an issue: I'm trying to see the OIDs of the EKU of a certificate. But when running

    openssl x509 -in certificate.crt -text -noout

I get

    X509v3 Extended Key Usage:
        TLS Web Client Authentication, Microsoft Smartcard Login

instead of

    1.3.6.1.4.1.311.20.2.2

Do you know a way of printing it to the screen? I've seen another post, but it uses code, and I want to do it using the command line only.
I've tried all the -certopt options that might be useful, but I didn't get the result I wanted.
After some time away from the subject, I found that it was OpenSSL that replaces OIDs with aliases.
So you just have to decode the certificate manually.
To do that, you can use any ASN.1 parser or x509 decoder.
I recommend CyberChef: gchq.github.io/CyberChef
For example, if I use the basic OpenSSL tool:

    X509v3 extensions:
        .....
        X509v3 Extended Key Usage:
            TLS Web Client Authentication, Microsoft Smartcard Login
        .....

And with the CyberChef rfc x509 parser:

    Extensions
        .....
        extKeyUsage :
            clientAuth, 1.3.6.1.4.1.311.20.2.2
        .....

And if you want more detail, you can use the rfc ASN.1 parser:

    SEQUENCE
        ObjectIdentifier extKeyUsage (2 5 29 37)
        OCTETSTRING, encapsulates
            SEQUENCE
                ObjectIdentifier clientAuth (1 3 6 1 5 5 7 3 2)
                ObjectIdentifier (1 3 6 1 4 1 311 20 2 2)
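
The manual decoding described in the answer above, as an added example that is not part of the original post: a small DER walker that prints every EKU OID in dotted form, with no alias table involved. The function names and the `EXT_DER` bytes are assumptions; the bytes were constructed by hand to match the ASN.1 dump shown above.

```python
# Added example: decode an extKeyUsage extension by hand so each OID stays numeric.
# EXT_DER is constructed sample data matching the ASN.1 dump in the answer.
EXT_DER = bytes.fromhex(
    "301f"                      # SEQUENCE (one Extension)
    "0603551d25"                # OID 2.5.29.37 (extKeyUsage)
    "0418"                      # OCTET STRING, encapsulates
    "3016"                      # SEQUENCE of KeyPurposeId
    "06082b06010505070302"      # OID 1.3.6.1.5.5.7.3.2 (clientAuth)
    "060a2b060104018237140202"  # OID 1.3.6.1.4.1.311.20.2.2
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("invalid DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(value):
    """Turn OID content octets (base-128 arcs) into dotted-decimal text."""
    arcs, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends the current arc
            arcs.append(acc)
            acc = 0
    if not arcs or value[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)          # first octet packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_oids(ext_der):
    """Return the KeyPurposeId OIDs of one DER-encoded extKeyUsage Extension."""
    tag, ext, _ = read_tlv(ext_der, 0)
    fields = list(children(ext))           # extnID, optional critical, extnValue
    if tag != 0x30 or len(fields) < 2 or decode_oid(fields[0][1]) != "2.5.29.37":
        raise ValueError("not an extKeyUsage extension")
    _, seq, _ = read_tlv(fields[-1][1], 0) # SEQUENCE inside the OCTET STRING
    return [decode_oid(v) for t, v in children(seq) if t == 0x06]

if __name__ == "__main__":
    print("\n".join(eku_oids(EXT_DER)))
```
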