TLS & Certificates
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking:HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
This area is about X.509 parsing, formats, conversions, and common mistakes.
X.509: parsing, formats & common mistakes
Quick parsing
openssl x509 -in cert.pem -noout -text
openssl asn1parse -in cert.pem
Useful fields to inspect:
- Subject / Issuer / SAN
- Key Usage / EKU
- Basic Constraints (is it a CA?)
- Validity window (NotBefore/NotAfter)
- Signature algorithm (MD5? SHA1?)
Formats & conversion
- PEM (Base64 with BEGIN/END headers)
- DER (binary)
- PKCS#7 (.p7b) (cert chain, no private key)
- PKCS#12 (.pfx/.p12) (cert + private key + chain)
Conversions:
openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem (a .cer file is usually DER, so state the input format explicitly)
openssl x509 -in cert.pem -outform der -out cert.der
openssl pkcs12 -in file.pfx -out out.pem
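As an added example (not from the original page): a POSIX shell script that generates a throwaway self-signed CA certificate, round-trips it through DER (the .cer case that needs -inform DER), and audits the fields listed under Quick parsing. It assumes openssl 1.1.1 or newer on PATH; the subject and SAN are made-up sample values.

```shell
#!/bin/sh
# Added example, not from the original page. Builds a throwaway self-signed
# CA cert (constructed sample), round-trips PEM -> DER -> PEM, then audits it.
# Assumes: openssl 1.1.1+ on PATH, mktemp, grep with -A.
set -eu
WORK=$(mktemp -d)

# Explicit config so the extensions are identical on every openssl version.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectAltName = DNS:ca.example.test
EOF
openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
  -days 30 -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# PEM -> DER (.cer is binary) -> PEM: reading DER back requires -inform DER.
openssl x509 -in "$WORK/ca.pem" -outform DER -out "$WORK/ca.cer"
openssl x509 -in "$WORK/ca.cer" -inform DER -out "$WORK/ca.roundtrip.pem"

# audit_cert FILE: sniffs PEM vs DER, then prints one line per check:
# signature algorithm (flags MD5/SHA1), CA flag, SANs, validity window.
audit_cert() {
  f=$1
  if grep -q 'BEGIN CERTIFICATE' "$f"; then inform=PEM; else inform=DER; fi
  text=$(openssl x509 -in "$f" -inform "$inform" -noout -text)
  sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
  case "$sigalg" in
    *md5*|*MD5*|*sha1*|*SHA1*) echo "sigalg=$sigalg WEAK" ;;
    *) echo "sigalg=$sigalg ok" ;;
  esac
  if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then echo "ca=yes"; else echo "ca=no"; fi
  sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//')
  echo "san=${sans:-none}"
  if openssl x509 -in "$f" -inform "$inform" -noout -checkend 0 >/dev/null; then
    echo "validity=current"
  else
    echo "validity=expired"
  fi
}

audit_cert "$WORK/ca.cer"
```

Running audit_cert on the DER and PEM copies gives identical output, which is the quick check that a conversion did not silently change the certificate.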
Common offensive angles
- Trusting user-provided roots / missing chain validation
- Weak signature algorithms (legacy)
- Name constraints / SAN parsing bugs (implementation-specific)
- Confused deputy issues with client-certificate authentication misbinding
CT logs