Check bit length of ssl certificates for both, RSA and elliptic curves

Question

We're using a script based on acme.sh to generate our SSL certificates. acme.sh also supports elliptic curves. I wonder, how to check the keylength for both, RSA and elliptic curve certificates. I need to know the keylength (e.g. 256 for ec or 2048 for RSA) to determine if a certificate needs to be replaced.

openssl rsa -in privatekey.pem -text -noout | grep "Private-Key"

works for RSA but not for elliptic curves.

openssl ec -in privatekey.pem -text -noout | grep "Private-Key"

Works for elliptic curves, but I then need to distinguish between rsa and ec. There should be an easier way to get the bit length?

score 1 · Accepted Answer · answered Aug 31 '22 at 09:28

1

Simply read the certificate with:

openssl x509 -noout -text -in unknown.pem | grep 'Public-Key'

Which returns: Public-Key: (2048 bit) or Public-Key: (256 bit)

answered Aug 31 '22 at 09:28

garethTheRed

4,539
14
22

Check bit length of ssl certificates for both, RSA and elliptic curves

1 Answers1