OpenSSL-related commands

s_client

openssl s_client -connect awen.me:443 -state

Display handshake states and certificate information

➜  Downloads openssl s_client -connect awen.me:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = awen.me
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/CN=awen.me
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=/CN=awen.me
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3148 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 07B2204FD14B558C10FD7B46FB671AA2773A7879E4D54EB6B87969AC0715817C
    Session-ID-ctx:
    Master-Key: A4CDEE832FED5CF7BC3EDBAF26F6656D50013C5B3D0F9180328E01055A4975ECF5DEB30EB7CBCD793743A5E5798CDF50
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 04 b2 d5 29 64 26 3a 7e-6b 73 f7 51 59 05 2c ef   ...)d&:~ks.QY.,.
    0010 - 6e 16 8c cd 04 bd b7 31-89 54 f0 93 36 98 92 ea   n......1.T..6...
    0020 - 89 5e 00 96 d4 04 09 4b-a6 a6 3b b0 73 24 45 40   .^.....K..;.s$E@
    0030 - a7 db c5 20 cd a0 72 c8-08 1b f9 a7 66 c6 64 a4   ... ..r.....f.d.
    0040 - 05 42 c8 69 e9 19 1a 33-46 63 b1 6b 6b 82 56 01   .B.i...3Fc.kk.V.
    0050 - 21 22 60 32 fd a3 af 58-77 8f f1 39 2b 44 f2 52   !"`2...Xw..9+D.R
    0060 - 6f 7e 93 80 19 8d a4 36-91 b3 c2 01 38 d3 6a 95   o~.....6....8.j.
    0070 - fc 22 d5 77 9d 67 2a 84-7f 35 85 c7 a1 7d e8 13   .".w.g*..5...}..
    0080 - 8e 38 96 c4 2c a6 35 02-92 1c 05 07 ef 4c 4d 80   .8..,.5......LM.
    0090 - fa cb 1b 3a 5b 15 f5 f0-46 ce 45 60 65 40 82 9f   ...:[...F.E`e@..
    00a0 - f3 62 36 9c 00 ab c0 9f-db 77 b0 36 f0 24 b7 74   .b6......w.6.$.t

    Start Time: 1509693221
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
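
s_client completes the handshake and prints the session even when chain verification fails, so the "Verify return code" line is the one to check. The script below is an added example, not part of the original notes: the function name check_s_client and the TLSv1.2/TLSv1.3 policy are assumptions, and the second sample is constructed.

```sh
#!/bin/sh
# check_s_client: read `openssl s_client` output on stdin, print
# "<protocol> <cipher> <verify-code>", and return 0 only when the chain
# verified (code 0) and the protocol is TLSv1.2 or TLSv1.3 (assumed policy).
check_s_client() {
    awk '
        # SSL-Session fields are indented: "    Protocol  : TLSv1.2"
        /^[[:space:]]+Protocol[[:space:]]*:/ { proto = $NF }
        /^[[:space:]]+Cipher[[:space:]]*:/   { cipher = $NF }
        # "    Verify return code: 0 (ok)" -> fourth field is the code
        /Verify return code:/                { code = $4 }
        END {
            if (proto == "")  proto = "none"
            if (cipher == "") cipher = "none"
            if (code == "")   code = "none"
            print proto, cipher, code
            ok = (code == "0") && (proto == "TLSv1.2" || proto == "TLSv1.3")
            exit (ok ? 0 : 1)
        }'
}

# Sample 1: lines copied from the session shown above.
GOOD_SAMPLE='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)'

# Sample 2: constructed for this example (expired certificate).
BAD_SAMPLE='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 10 (certificate has expired)'

printf '%s\n' "$GOOD_SAMPLE" | check_s_client || echo "check failed"
printf '%s\n' "$BAD_SAMPLE"  | check_s_client || echo "check failed"

# Against a live server:
#   echo | openssl s_client -connect awen.me:443 2>/dev/null | check_s_client
```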

Extract the certificate

echo | openssl s_client -connect awen.me:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > awen.pem

This yields the following:

➜  Downloads cat awen.pem
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----

View the certificate details

➜  Downloads openssl x509 -noout -text -in awen.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7a:70:af:cb:ad:3a:0f:48:f3:f5:d3:27:ef:30:74:94:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Oct 11 00:03:38 2017 GMT
            Not After : Jan  9 00:03:38 2018 GMT
        Subject: CN=awen.me
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:0a:e2:16:9e:91:ef:9f:a2:e6:ee:dc:20:52:
                    59:33:cb:5b:fa:8f:5b:50:ff:20:f1:5b:27:7c:82:
                    f3:a4:18:98:4b:4e:50:1e:a5:77:64:2d:0b:04:c3:
                    64:11:a4:6c:68:3a:fb:0e:db:c2:bd:30:7e:01:d5:
                    b6:8b:1b:29:79:4d:b3:67:64:01:48:50:ea:e4:0c:
                    13:2f:68:f1:54:15:85:ca:db:2a:ad:75:27:e4:cb:
                    d0:03:dc:b9:12:8d:17:03:32:ca:6a:9b:db:48:aa:
                    30:58:ca:ee:fc:96:89:99:47:f0:20:71:57:8f:60:
                    fc:18:7c:e3:73:68:4f:09:e0:db:c2:2e:77:85:23:
                    e7:f3:89:f3:6e:aa:99:14:b7:5f:30:a5:60:69:fe:
                    85:42:d7:f9:67:ef:84:a1:56:66:1c:ce:0f:48:a9:
                    35:fc:bf:0e:7c:31:69:41:7a:62:0b:38:8e:34:13:
                    15:c3:9c:e1:da:ed:97:71:16:5d:65:28:fb:55:8d:
                    f4:23:47:76:d2:f3:80:ec:8f:b5:c1:a8:36:0b:7b:
                    7b:49:35:e7:74:fa:44:c9:22:04:05:86:c8:47:91:
                    ca:43:a4:c3:d6:ef:ca:c3:cf:f7:b5:6a:40:36:a3:
                    44:72:fd:6c:c0:9d:ff:5d:38:90:df:8e:f7:7b:16:
                    c0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                ED:47:04:FF:90:A9:F3:BE:76:1B:E3:E6:7A:FA:BC:0A:FF:9A:53:87
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:awen.me, DNS:file.awen.me, DNS:www.awen.me
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
                  User Notice:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

    Signature Algorithm: sha256WithRSAEncryption
         0c:ef:8a:b7:af:6c:0e:83:20:1f:72:0d:5a:b6:58:33:30:28:
         6d:54:66:8a:4e:59:64:e2:d7:52:f0:e2:4a:ce:12:05:05:1e:
         fb:34:6e:e0:1d:dd:65:ce:cf:f2:42:be:25:dd:66:2f:e1:3d:
         93:e7:e0:32:a7:87:3d:e5:fb:db:b9:6a:8c:b2:b0:f7:b0:bd:
         f4:30:18:6a:09:e5:dd:71:c2:65:72:45:94:7e:c7:a3:99:43:
         84:03:3c:aa:b6:c7:00:b6:b2:30:de:4b:10:2c:e9:a5:89:b7:
         f7:db:a4:c9:b0:83:15:fa:81:ec:83:d6:ab:48:75:23:d9:9e:
         21:cc:c0:f1:6c:7d:a3:97:ee:89:dc:79:6c:cc:f9:ae:7d:44:
         b6:1d:14:4c:0f:d2:86:24:55:04:0a:c9:8f:9c:3f:b0:75:47:
         81:2c:e9:5c:b8:dc:1c:0a:51:f4:28:21:e0:a8:97:0e:f9:90:
         c6:4e:4f:e1:bd:b6:0d:44:69:e9:7d:56:c9:ff:4e:8c:18:48:
         4a:77:eb:8a:c2:ea:cf:cb:9b:29:fa:64:ce:87:6d:93:4e:c3:
         74:c2:a7:35:ef:b2:f4:08:6c:bb:13:d3:4c:af:f7:ab:84:eb:
         9a:88:43:a1:80:71:08:e5:ab:72:b9:e6:66:95:f1:f3:fd:79:
         2f:e3:dc:95

Display certificate information (-showcerts prints every certificate the server sends, not just the leaf)

openssl s_client -connect www.alipay.com:443 -showcerts
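
With -showcerts the output holds several PEM blocks, and openssl x509 reads only the first block in a file, so each certificate needs its own file to be inspected. The script below is an added example, not part of the original notes: split_chain and sample_showcerts are hypothetical names, and the certificate bodies in the sample are constructed placeholders, not real certificates.

```sh
#!/bin/sh
# split_chain PREFIX: read `openssl s_client -showcerts` output on stdin,
# write each PEM block to PREFIX-0.pem, PREFIX-1.pem, ... (0 = leaf, matching
# the "Certificate chain" numbering) and print how many blocks were written.
split_chain() {
    awk -v prefix="$1" '
        BEGIN { n = 0; inside = 0 }
        /^-----BEGIN CERTIFICATE-----/ { out = prefix "-" n ".pem"; inside = 1 }
        inside { print > out }     # ">" truncates once per file, then appends
        /^-----END CERTIFICATE-----/ && inside { inside = 0; close(out); n++ }
        END { print n }'
}

# Constructed sample in the -showcerts layout; the bodies are placeholders.
sample_showcerts() {
cat <<'EOF'
---
Certificate chain
 0 s:/CN=awen.me
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY
-----END CERTIFICATE-----
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTERMEDIATEBODY
-----END CERTIFICATE-----
---
EOF
}

# Against a live server, then inspect each file separately:
#   echo | openssl s_client -connect www.alipay.com:443 -showcerts 2>/dev/null \
#       | split_chain chain
#   openssl x509 -noout -subject -issuer -dates -in chain-1.pem
```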