目录
s_client openssl s_client -connect awen.me:443 -state
显示证书信息
➜ Downloads openssl s_client -connect awen.me:443 -state CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = awen.me verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read server session ticket A SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/CN=awen.me i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIFDDCCA/SgAwIBAgISA3pwr8utOg9I8/XTJ+8wdJTOMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEwMTEwMDAzMzhaFw0x ODAxMDkwMDAzMzhaMBIxEDAOBgNVBAMTB2F3ZW4ubWUwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQCtCuIWnpHvn6Lm7twgUlkzy1v6j1tQ/yDxWyd8gvOk GJhLTlAepXdkLQsEw2QRpGxoOvsO28K9MH4B1baLGyl5TbNnZAFIUOrkDBMvaPFU FYXK2yqtdSfky9AD3LkSjRcDMspqm9tIqjBYyu78lomZR/AgcVePYPwYfONzaE8J 4NvCLneFI+fzifNuqpkUt18wpWBp/oVC1/ln74ShVmYczg9IqTX8vw58MWlBemIL OI40ExXDnOHa7ZdxFl1lKPtVjfQjR3bS84Dsj7XBqDYLe3tJNed0+kTJIgQFhshH kcpDpMPW78rDz/e1akA2o0Ry/WzAnf9dOJDfjvd7FsC1AgMBAAGjggIiMIICHjAO BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG A1UdEwEB/wQCMAAwHQYDVR0OBBYEFO1HBP+QqfO+dhvj5nr6vAr/mlOHMB8GA1Ud IwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggr BgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggr BgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYD VR0RBCYwJIIHYXdlbi5tZYIMZmlsZS5hd2VuLm1lggt3d3cuYXdlbi5tZTCB/gYD VR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUH AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyB m1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVs eWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2Vy dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3Jn L3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAM74q3r2wOgyAfcg1atlgz MChtVGaKTllk4tdS8OJKzhIFBR77NG7gHd1lzs/yQr4l3WYv4T2T5+Ayp4c95fvb uWqMsrD3sL30MBhqCeXdccJlckWUfsejmUOEAzyqtscAtrIw3ksQLOmlibf326TJ sIMV+oHsg9arSHUj2Z4hzMDxbH2jl+6J3HlszPmufUS2HRRMD9KGJFUECsmPnD+w dUeBLOlcuNwcClH0KCHgqJcO+ZDGTk/hvbYNRGnpfVbJ/06MGEhKd+uKwurPy5sp +mTOh22TTsN0wqc177L0CGy7E9NMr/erhOuaiEOhgHEI5atyueZmlfHz/Xkv49yV -----END CERTIFICATE----- subject=/CN=awen.me issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3148 bytes and written 433 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 07B2204FD14B558C10FD7B46FB671AA2773A7879E4D54EB6B87969AC0715817C Session-ID-ctx: Master-Key: A4CDEE832FED5CF7BC3EDBAF26F6656D50013C5B3D0F9180328E01055A4975ECF5DEB30EB7CBCD793743A5E5798CDF50 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86400 (seconds) TLS session ticket: 0000 - 04 b2 d5 29 64 26 3a 7e-6b 73 f7 51 59 05 2c ef ...)d&:~ks.QY.,. 0010 - 6e 16 8c cd 04 bd b7 31 -89 54 f0 93 36 98 92 ea n......1.T..6... 0020 - 89 5e 00 96 d4 04 09 4b-a6 a6 3b b0 73 24 45 40 .^.....K..;.s$E@ 0030 - a7 db c5 20 cd a0 72 c8-08 1b f9 a7 66 c6 64 a4 ... ..r.....f.d. 0040 - 05 42 c8 69 e9 19 1a 33 -46 63 b1 6b 6b 82 56 01 .B.i...3Fc.kk.V. 0050 - 21 22 60 32 fd a3 af 58 -77 8f f1 39 2b 44 f2 52 !"`2...Xw..9+D.R 0060 - 6f 7e 93 80 19 8d a4 36 -91 b3 c2 01 38 d3 6a 95 o~.....6....8.j. 0070 - fc 22 d5 77 9d 67 2a 84 -7f 35 85 c7 a1 7d e8 13 .".w.g*..5...}.. 0080 - 8e 38 96 c4 2c a6 35 02 -92 1c 05 07 ef 4c 4d 80 .8 ..,.5......LM. 0090 - fa cb 1b 3a 5b 15 f5 f0-46 ce 45 60 65 40 82 9f ...:[...F.E`e@.. 00a0 - f3 62 36 9c 00 ab c0 9f-db 77 b0 36 f0 24 b7 74 .b6......w.6.$.t Start Time: 1509693221 Timeout : 300 (sec) Verify return code: 0 (ok) --- SSL3 alert read:warning:close notify closed SSL3 alert write:warning:close notify
提取证书
echo |\openssl s_client -connect awen.me:443 2>&1|\sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p ' >> awen.pem
得到如下内容
➜ Downloads cat awen.pem
查看证书信息
➜ Downloads openssl x509 -noout -text -in awen.pemCertificate: Data: Version: 3 (0x2 )Serial Number: 03 : 7 a: 70 :af :cb :ad : 3 a: 0 f: 48 :f3 :f5 :d3 : 27 :ef : 30 : 74 : 94 :ce Signature Algorithm: sha256WithRSAEncryptionIssuer: C=US , O=Let 's Encrypt, CN=Let' s Encrypt Authority X3 Validity Not Before: Oct 11 00 : 03 : 38 2017 GMT Not After : Jan 9 00 : 03 : 38 2018 GMT Subject: CN =awen.meSubject Public Key Info: Public Key Algorithm: rsaEncryptionPublic -Key: (2048 bit)Modulus: 00 :ad : 0 a: e2: 16 : 9 e: 91 :ef : 9 f: a2: e6: ee: dc: 20 : 52 :59 : 33 :cb : 5 b: fa: 8 f: 5 b: 50 :ff : 20 :f1 : 5 b: 27 : 7 c: 82 :f3: a4: 18 : 98 : 4 b: 4 e: 50 : 1 e: a5: 77 : 64 : 2 d: 0 b: 04 :c3 :64 : 11 :a4 : 6 c: 68 : 3 a: fb: 0 e: db: c2: bd: 30 : 7 e: 01 :d5 :b6: 8 b: 1 b: 29 : 79 : 4 d: b3: 67 : 64 : 01 : 48 : 50 :ea :e4 : 0 c: 13 : 2 f: 68 :f1 : 54 : 15 : 85 :ca :db : 2 a: ad: 75 : 27 :e4 :cb :d0: 03 :dc :b9 : 12 : 8 d: 17 : 03 : 32 :ca : 6 a: 9 b: db: 48 :aa :30 : 58 :ca :ee :fc : 96 : 89 : 99 : 47 :f0 : 20 : 71 : 57 : 8 f: 60 :fc: 18 : 7 c: e3: 73 : 68 : 4 f: 09 :e0 :db :c2 : 2 e: 77 : 85 : 23 :e7: f3: 89 :f3 : 6 e: aa: 99 : 14 :b7 : 5 f: 30 :a5 : 60 : 69 :fe :85 : 42 :d7 :f9 : 67 :ef : 84 :a1 : 56 : 66 : 1 c: ce: 0 f: 48 :a9 :35 :fc :bf : 0 e: 7 c: 31 : 69 : 41 : 7 a: 62 : 0 b: 38 : 8 e: 34 : 13 :15 :c3 : 9 c: e1: da: ed: 97 : 71 : 16 : 5 d: 65 : 28 :fb : 55 : 8 d: f4: 23 : 47 : 76 :d2 :f3 : 80 :ec : 8 f: b5: c1: a8: 36 : 0 b: 7 b: 7 b: 49 : 35 :e7 : 74 :fa : 44 :c9 : 22 : 04 : 05 : 86 :c8 : 47 : 91 :ca: 43 :a4 :c3 :d6 :ef :ca :c3 :cf :f7 :b5 : 6 a: 40 : 36 :a3 :44 : 72 :fd : 6 c: c0: 9 d: ff: 5 d: 38 : 90 :df : 8 e: f7: 7 b: 16 :c0: b5Exponent: 65537 (0x10001 )X509v3 extensions: X509v3 Key Usage: criticalDigital Signature , Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication , TLS Web Client Authentication X509v3 Basic Constraints: criticalCA: FALSE X509v3 Subject Key Identifier: ED: 47 : 04 :FF : 90 :A9 :F3 :BE : 76 : 1 B: E3: E6: 7 A: FA: BC: 0 A: FF: 9 A: 53 : 87 X509v3 Authority Key Identifier: keyid: A8: 4 A: 6 A: 63 : 04 : 7 D: DD: BA: E6: D1: 39 :B7 :A6 : 45 : 65 :EF :F3 :A8 :EC :A1 Authority Information Access: OCSP - URI: http: //ocsp.int-x3.letsencrypt.orgCA Issuers - URI: http: //cert.int-x3.letsencrypt.org/X509v3 Subject Alternative Name: DNS: awen.me, DNS: file.awen.me, DNS: www.awen.meX509v3 Certificate Policies: Policy: 2.23 .140.1 .2.1 Policy: 1.3 .6.1 .4.1 .44947.1 .1.1 CPS: http: //cps.letsencrypt.orgUser Notice: Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https: //letsencrypt.org/repository/Signature Algorithm: sha256WithRSAEncryption0 c: ef: 8 a: b7: af: 6 c: 0 e: 83 : 20 : 1 f: 72 : 0 d: 5 a: b6: 58 : 33 : 30 : 28 :6 d: 54 : 66 : 8 a: 4 e: 59 : 64 :e2 :d7 : 52 :f0 :e2 : 4 a: ce: 12 : 05 : 05 : 1 e: fb: 34 : 6 e: e0: 1 d: dd: 65 :ce :cf :f2 : 42 :be : 25 :dd : 66 : 2 f: e1: 3 d: 93 :e7 :e0 : 32 :a7 : 87 : 3 d: e5: fb: db: b9: 6 a: 8 c: b2: b0: f7: b0: bd: f4: 30 : 18 : 6 a: 09 :e5 :dd : 71 :c2 : 65 : 72 : 45 : 94 : 7 e: c7: a3: 99 : 43 :84 : 03 : 3 c: aa: b6: c7: 00 :b6 :b2 : 30 :de : 4 b: 10 : 2 c: e9: a5: 89 :b7 :f7: db: a4: c9: b0: 83 : 15 :fa : 81 :ec : 83 :d6 :ab : 48 : 75 : 23 :d9 : 9 e: 21 :cc :c0 :f1 : 6 c: 7 d: a3: 97 :ee : 89 :dc : 79 : 6 c: cc: f9: ae: 7 d: 44 :b6: 1 d: 14 : 4 c: 0 f: d2: 86 : 24 : 55 : 04 : 0 a: c9: 8 f: 9 c: 3 f: b0: 75 : 47 :81 : 2 c: e9: 5 c: b8: dc: 1 c: 0 a: 51 :f4 : 28 : 21 :e0 :a8 : 97 : 0 e: f9: 90 :c6: 4 e: 4 f: e1: bd: b6: 0 d: 44 : 69 :e9 : 7 d: 56 :c9 :ff : 4 e: 8 c: 18 : 48 :4 a: 77 :eb : 8 a: c2: ea: cf: cb: 9 b: 29 :fa : 64 :ce : 87 : 6 d: 93 : 4 e: c3: 74 :c2 :a7 : 35 :ef :b2 :f4 : 08 : 6 c: bb: 13 :d3 : 4 c: af: f7: ab: 84 :eb :9 a: 88 : 43 :a1 : 80 : 71 : 08 :e5 :ab : 72 :b9 :e6 : 66 : 95 :f1 :f3 :fd : 79 :2 f: e3: dc: 95
显示证书信息
openssl s_client -connect www.alipay .com :443 -showcerts
文章作者: 阿文
版权声明: 本博客所有文章除特别声明外,均采用
CC BY-NC-SA 4.0 许可协议。转载请注明来自
阿文的博客 !
