step certificate inspect prints the details of a certificate
or CSR in a human readable format. Output from the inspect command is printed to
STDERR instead of STDOUT. This is an intentional barrier to accidental
misuse: scripts should never rely on the contents of an unvalidated certificate.
For scripting purposes, use step certificate verify.
If crt-file contains multiple certificates (i.e., it is a certificate "bundle")
the first certificate in the bundle will be output. Pass the --bundle option to
print all certificates in the order in which they appear in the bundle.
Path to a certificate or certificate signing request (CSR) to inspect. A hyphen ("-") indicates STDIN as crt-file.
The output format for printing the introspection details.
format is a string and must be one of:
text: Print output in unstructured text suitable for a human to read.
json: Print output in JSON format.
pem: Print output in PEM format.
Root certificate(s) that will be used to verify the
authenticity of the remote server.
roots is a case-sensitive string and may be one of:
file: Relative or full path to a file. All certificates in the file will be used for path validation.
list of files: Comma-separated list of relative or full file paths. Every PEM encoded certificate from each file will be used for path validation.
directory: Relative or full path to a directory. Every PEM encoded certificate from each file in the directory will be used for path validation.
TLS Server Name Indication that should be sent to request a specific certificate from the server.
Print all certificates in the order in which they appear in the bundle.
If the output format is 'json' then output a list of certificates, even if
the bundle only contains one certificate. This flag will result in an error
if the input bundle includes any PEM that does not have type CERTIFICATE.
Print the certificate or CSR details in shorter and more friendly format.
Use an insecure client to retrieve a remote peer certificate. Useful for
debugging invalid certificates remotely.
This command returns 0 on success and >0 if any error occurs.
Inspect a local certificate (default to text format):
$ step certificate inspect ./certificate.crt
Inspect a local certificate bundle (default to text format):