openssl相关命令

栏目: 服务器 · 发布时间: 5年前

内容简介:显示证书信息提取证书
openssl s_client -connect awen.me:443 -state

显示证书信息

openssl相关命令

➜  Downloads openssl s_client -connect awen.me:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = awen.me
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/CN=awen.me
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISA3pwr8utOg9I8/XTJ+8wdJTOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEwMTEwMDAzMzhaFw0x
ODAxMDkwMDAzMzhaMBIxEDAOBgNVBAMTB2F3ZW4ubWUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCtCuIWnpHvn6Lm7twgUlkzy1v6j1tQ/yDxWyd8gvOk
GJhLTlAepXdkLQsEw2QRpGxoOvsO28K9MH4B1baLGyl5TbNnZAFIUOrkDBMvaPFU
FYXK2yqtdSfky9AD3LkSjRcDMspqm9tIqjBYyu78lomZR/AgcVePYPwYfONzaE8J
4NvCLneFI+fzifNuqpkUt18wpWBp/oVC1/ln74ShVmYczg9IqTX8vw58MWlBemIL
OI40ExXDnOHa7ZdxFl1lKPtVjfQjR3bS84Dsj7XBqDYLe3tJNed0+kTJIgQFhshH
kcpDpMPW78rDz/e1akA2o0Ry/WzAnf9dOJDfjvd7FsC1AgMBAAGjggIiMIICHjAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFO1HBP+QqfO+dhvj5nr6vAr/mlOHMB8GA1Ud
IwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggr
BgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggr
BgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYD
VR0RBCYwJIIHYXdlbi5tZYIMZmlsZS5hd2VuLm1lggt3d3cuYXdlbi5tZTCB/gYD
VR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUH
AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyB
m1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVs
eWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2Vy
dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3Jn
L3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAM74q3r2wOgyAfcg1atlgz
MChtVGaKTllk4tdS8OJKzhIFBR77NG7gHd1lzs/yQr4l3WYv4T2T5+Ayp4c95fvb
uWqMsrD3sL30MBhqCeXdccJlckWUfsejmUOEAzyqtscAtrIw3ksQLOmlibf326TJ
sIMV+oHsg9arSHUj2Z4hzMDxbH2jl+6J3HlszPmufUS2HRRMD9KGJFUECsmPnD+w
dUeBLOlcuNwcClH0KCHgqJcO+ZDGTk/hvbYNRGnpfVbJ/06MGEhKd+uKwurPy5sp
+mTOh22TTsN0wqc177L0CGy7E9NMr/erhOuaiEOhgHEI5atyueZmlfHz/Xkv49yV
-----END CERTIFICATE-----
subject=/CN=awen.me
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3148 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 07B2204FD14B558C10FD7B46FB671AA2773A7879E4D54EB6B87969AC0715817C
    Session-ID-ctx:
    Master-Key: A4CDEE832FED5CF7BC3EDBAF26F6656D50013C5B3D0F9180328E01055A4975ECF5DEB30EB7CBCD793743A5E5798CDF50
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 04 b2 d5 29 64 26 3a 7e-6b 73 f7 51 59 05 2c ef   ...)d&:~ks.QY.,.
    0010 - 6e 16 8c cd 04 bd b7 31-89 54 f0 93 36 98 92 ea   n......1.T..6...
    0020 - 89 5e 00 96 d4 04 09 4b-a6 a6 3b b0 73 24 45 40   .^.....K..;.s$E@
    0030 - a7 db c5 20 cd a0 72 c8-08 1b f9 a7 66 c6 64 a4   ... ..r.....f.d.
    0040 - 05 42 c8 69 e9 19 1a 33-46 63 b1 6b 6b 82 56 01   .B.i...3Fc.kk.V.
    0050 - 21 22 60 32 fd a3 af 58-77 8f f1 39 2b 44 f2 52   !"`2...Xw..9+D.R
    0060 - 6f 7e 93 80 19 8d a4 36-91 b3 c2 01 38 d3 6a 95   o~.....6....8.j.
    0070 - fc 22 d5 77 9d 67 2a 84-7f 35 85 c7 a1 7d e8 13   .".w.g*..5...}..
    0080 - 8e 38 96 c4 2c a6 35 02-92 1c 05 07 ef 4c 4d 80   .8..,.5......LM.
    0090 - fa cb 1b 3a 5b 15 f5 f0-46 ce 45 60 65 40 82 9f   ...:[...F.E`e@..
    00a0 - f3 62 36 9c 00 ab c0 9f-db 77 b0 36 f0 24 b7 74   .b6......w.6.$.t

    Start Time: 1509693221
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify

提取证书

echo |\openssl s_client -connect awen.me:443 2>&1|\sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> awen.pem

得到如下内容

➜  Downloads cat awen.pem
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISA3pwr8utOg9I8/XTJ+8wdJTOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEwMTEwMDAzMzhaFw0x
ODAxMDkwMDAzMzhaMBIxEDAOBgNVBAMTB2F3ZW4ubWUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCtCuIWnpHvn6Lm7twgUlkzy1v6j1tQ/yDxWyd8gvOk
GJhLTlAepXdkLQsEw2QRpGxoOvsO28K9MH4B1baLGyl5TbNnZAFIUOrkDBMvaPFU
FYXK2yqtdSfky9AD3LkSjRcDMspqm9tIqjBYyu78lomZR/AgcVePYPwYfONzaE8J
4NvCLneFI+fzifNuqpkUt18wpWBp/oVC1/ln74ShVmYczg9IqTX8vw58MWlBemIL
OI40ExXDnOHa7ZdxFl1lKPtVjfQjR3bS84Dsj7XBqDYLe3tJNed0+kTJIgQFhshH
kcpDpMPW78rDz/e1akA2o0Ry/WzAnf9dOJDfjvd7FsC1AgMBAAGjggIiMIICHjAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFO1HBP+QqfO+dhvj5nr6vAr/mlOHMB8GA1Ud
IwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggr
BgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggr
BgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYD
VR0RBCYwJIIHYXdlbi5tZYIMZmlsZS5hd2VuLm1lggt3d3cuYXdlbi5tZTCB/gYD
VR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUH
AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyB
m1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVs
eWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2Vy
dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3Jn
L3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAM74q3r2wOgyAfcg1atlgz
MChtVGaKTllk4tdS8OJKzhIFBR77NG7gHd1lzs/yQr4l3WYv4T2T5+Ayp4c95fvb
uWqMsrD3sL30MBhqCeXdccJlckWUfsejmUOEAzyqtscAtrIw3ksQLOmlibf326TJ
sIMV+oHsg9arSHUj2Z4hzMDxbH2jl+6J3HlszPmufUS2HRRMD9KGJFUECsmPnD+w
dUeBLOlcuNwcClH0KCHgqJcO+ZDGTk/hvbYNRGnpfVbJ/06MGEhKd+uKwurPy5sp
+mTOh22TTsN0wqc177L0CGy7E9NMr/erhOuaiEOhgHEI5atyueZmlfHz/Xkv49yV
-----END CERTIFICATE-----

查看证书信息

➜  Downloads openssl x509 -noout -text -in awen.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7a:70:af:cb:ad:3a:0f:48:f3:f5:d3:27:ef:30:74:94:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Oct 11 00:03:38 2017 GMT
            Not After : Jan  9 00:03:38 2018 GMT
        Subject: CN=awen.me
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:0a:e2:16:9e:91:ef:9f:a2:e6:ee:dc:20:52:
                    59:33:cb:5b:fa:8f:5b:50:ff:20:f1:5b:27:7c:82:
                    f3:a4:18:98:4b:4e:50:1e:a5:77:64:2d:0b:04:c3:
                    64:11:a4:6c:68:3a:fb:0e:db:c2:bd:30:7e:01:d5:
                    b6:8b:1b:29:79:4d:b3:67:64:01:48:50:ea:e4:0c:
                    13:2f:68:f1:54:15:85:ca:db:2a:ad:75:27:e4:cb:
                    d0:03:dc:b9:12:8d:17:03:32:ca:6a:9b:db:48:aa:
                    30:58:ca:ee:fc:96:89:99:47:f0:20:71:57:8f:60:
                    fc:18:7c:e3:73:68:4f:09:e0:db:c2:2e:77:85:23:
                    e7:f3:89:f3:6e:aa:99:14:b7:5f:30:a5:60:69:fe:
                    85:42:d7:f9:67:ef:84:a1:56:66:1c:ce:0f:48:a9:
                    35:fc:bf:0e:7c:31:69:41:7a:62:0b:38:8e:34:13:
                    15:c3:9c:e1:da:ed:97:71:16:5d:65:28:fb:55:8d:
                    f4:23:47:76:d2:f3:80:ec:8f:b5:c1:a8:36:0b:7b:
                    7b:49:35:e7:74:fa:44:c9:22:04:05:86:c8:47:91:
                    ca:43:a4:c3:d6:ef:ca:c3:cf:f7:b5:6a:40:36:a3:
                    44:72:fd:6c:c0:9d:ff:5d:38:90:df:8e:f7:7b:16:
                    c0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                ED:47:04:FF:90:A9:F3:BE:76:1B:E3:E6:7A:FA:BC:0A:FF:9A:53:87
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:awen.me, DNS:file.awen.me, DNS:www.awen.me
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
                  User Notice:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

    Signature Algorithm: sha256WithRSAEncryption
         0c:ef:8a:b7:af:6c:0e:83:20:1f:72:0d:5a:b6:58:33:30:28:
         6d:54:66:8a:4e:59:64:e2:d7:52:f0:e2:4a:ce:12:05:05:1e:
         fb:34:6e:e0:1d:dd:65:ce:cf:f2:42:be:25:dd:66:2f:e1:3d:
         93:e7:e0:32:a7:87:3d:e5:fb:db:b9:6a:8c:b2:b0:f7:b0:bd:
         f4:30:18:6a:09:e5:dd:71:c2:65:72:45:94:7e:c7:a3:99:43:
         84:03:3c:aa:b6:c7:00:b6:b2:30:de:4b:10:2c:e9:a5:89:b7:
         f7:db:a4:c9:b0:83:15:fa:81:ec:83:d6:ab:48:75:23:d9:9e:
         21:cc:c0:f1:6c:7d:a3:97:ee:89:dc:79:6c:cc:f9:ae:7d:44:
         b6:1d:14:4c:0f:d2:86:24:55:04:0a:c9:8f:9c:3f:b0:75:47:
         81:2c:e9:5c:b8:dc:1c:0a:51:f4:28:21:e0:a8:97:0e:f9:90:
         c6:4e:4f:e1:bd:b6:0d:44:69:e9:7d:56:c9:ff:4e:8c:18:48:
         4a:77:eb:8a:c2:ea:cf:cb:9b:29:fa:64:ce:87:6d:93:4e:c3:
         74:c2:a7:35:ef:b2:f4:08:6c:bb:13:d3:4c:af:f7:ab:84:eb:
         9a:88:43:a1:80:71:08:e5:ab:72:b9:e6:66:95:f1:f3:fd:79:
         2f:e3:dc:95

显示证书信息

openssl s_client -connect www.alipay.com:443 -showcerts

以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

1024·人与机器共同进化

1024·人与机器共同进化

东西文库 / 译言·东西文库/电子工业出版社 / 2013-12-20 / 55元

《1024》:国内第一本专注于科技文化的mook。 本期创刊号将目光定焦在“人与机器”这个超热点领域。 如果把机器获得思维能力看作是一种进化, 那人类具备不朽之躯同样也是一种进化。 这是一个野心勃勃但又充满不确定性的未来。 在我们一厢情愿地猜测机器将在不远的将来赶超自己而惶惶不可终日时,人类其实还有一个机会——变得更像机器。这并非科幻小说,而是正在发生的现实。人类创造......一起来看看 《1024·人与机器共同进化》 这本书的介绍吧!

JSON 在线解析
JSON 在线解析

在线 JSON 格式化工具

随机密码生成器
随机密码生成器

多种字符组合密码

HEX CMYK 转换工具
HEX CMYK 转换工具

HEX CMYK 互转工具