s_client
openssl s_client -connect awen.me:443 -state
显示证书信息
➜ Downloads openssl s_client -connect awen.me:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = awen.me
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/CN=awen.me
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISA3pwr8utOg9I8/XTJ+8wdJTOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEwMTEwMDAzMzhaFw0x
ODAxMDkwMDAzMzhaMBIxEDAOBgNVBAMTB2F3ZW4ubWUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCtCuIWnpHvn6Lm7twgUlkzy1v6j1tQ/yDxWyd8gvOk
GJhLTlAepXdkLQsEw2QRpGxoOvsO28K9MH4B1baLGyl5TbNnZAFIUOrkDBMvaPFU
FYXK2yqtdSfky9AD3LkSjRcDMspqm9tIqjBYyu78lomZR/AgcVePYPwYfONzaE8J
4NvCLneFI+fzifNuqpkUt18wpWBp/oVC1/ln74ShVmYczg9IqTX8vw58MWlBemIL
OI40ExXDnOHa7ZdxFl1lKPtVjfQjR3bS84Dsj7XBqDYLe3tJNed0+kTJIgQFhshH
kcpDpMPW78rDz/e1akA2o0Ry/WzAnf9dOJDfjvd7FsC1AgMBAAGjggIiMIICHjAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFO1HBP+QqfO+dhvj5nr6vAr/mlOHMB8GA1Ud
IwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggr
BgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggr
BgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYD
VR0RBCYwJIIHYXdlbi5tZYIMZmlsZS5hd2VuLm1lggt3d3cuYXdlbi5tZTCB/gYD
VR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUH
AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyB
m1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVs
eWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2Vy
dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3Jn
L3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAM74q3r2wOgyAfcg1atlgz
MChtVGaKTllk4tdS8OJKzhIFBR77NG7gHd1lzs/yQr4l3WYv4T2T5+Ayp4c95fvb
uWqMsrD3sL30MBhqCeXdccJlckWUfsejmUOEAzyqtscAtrIw3ksQLOmlibf326TJ
sIMV+oHsg9arSHUj2Z4hzMDxbH2jl+6J3HlszPmufUS2HRRMD9KGJFUECsmPnD+w
dUeBLOlcuNwcClH0KCHgqJcO+ZDGTk/hvbYNRGnpfVbJ/06MGEhKd+uKwurPy5sp
+mTOh22TTsN0wqc177L0CGy7E9NMr/erhOuaiEOhgHEI5atyueZmlfHz/Xkv49yV
-----END CERTIFICATE-----
subject=/CN=awen.me
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3148 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 07B2204FD14B558C10FD7B46FB671AA2773A7879E4D54EB6B87969AC0715817C
Session-ID-ctx:
Master-Key: A4CDEE832FED5CF7BC3EDBAF26F6656D50013C5B3D0F9180328E01055A4975ECF5DEB30EB7CBCD793743A5E5798CDF50
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 04 b2 d5 29 64 26 3a 7e-6b 73 f7 51 59 05 2c ef ...)d&:~ks.QY.,.
0010 - 6e 16 8c cd 04 bd b7 31-89 54 f0 93 36 98 92 ea n......1.T..6...
0020 - 89 5e 00 96 d4 04 09 4b-a6 a6 3b b0 73 24 45 40 .^.....K..;.s$E@
0030 - a7 db c5 20 cd a0 72 c8-08 1b f9 a7 66 c6 64 a4 ... ..r.....f.d.
0040 - 05 42 c8 69 e9 19 1a 33-46 63 b1 6b 6b 82 56 01 .B.i...3Fc.kk.V.
0050 - 21 22 60 32 fd a3 af 58-77 8f f1 39 2b 44 f2 52 !"`2...Xw..9+D.R
0060 - 6f 7e 93 80 19 8d a4 36-91 b3 c2 01 38 d3 6a 95 o~.....6....8.j.
0070 - fc 22 d5 77 9d 67 2a 84-7f 35 85 c7 a1 7d e8 13 .".w.g*..5...}..
0080 - 8e 38 96 c4 2c a6 35 02-92 1c 05 07 ef 4c 4d 80 .8..,.5......LM.
0090 - fa cb 1b 3a 5b 15 f5 f0-46 ce 45 60 65 40 82 9f ...:[...F.E`e@..
00a0 - f3 62 36 9c 00 ab c0 9f-db 77 b0 36 f0 24 b7 74 .b6......w.6.$.t
Start Time: 1509693221
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
提取证书
echo |\openssl s_client -connect awen.me:443 2>&1|\sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> awen.pem
得到如下内容
➜ Downloads cat awen.pem
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISA3pwr8utOg9I8/XTJ+8wdJTOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEwMTEwMDAzMzhaFw0x
ODAxMDkwMDAzMzhaMBIxEDAOBgNVBAMTB2F3ZW4ubWUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCtCuIWnpHvn6Lm7twgUlkzy1v6j1tQ/yDxWyd8gvOk
GJhLTlAepXdkLQsEw2QRpGxoOvsO28K9MH4B1baLGyl5TbNnZAFIUOrkDBMvaPFU
FYXK2yqtdSfky9AD3LkSjRcDMspqm9tIqjBYyu78lomZR/AgcVePYPwYfONzaE8J
4NvCLneFI+fzifNuqpkUt18wpWBp/oVC1/ln74ShVmYczg9IqTX8vw58MWlBemIL
OI40ExXDnOHa7ZdxFl1lKPtVjfQjR3bS84Dsj7XBqDYLe3tJNed0+kTJIgQFhshH
kcpDpMPW78rDz/e1akA2o0Ry/WzAnf9dOJDfjvd7FsC1AgMBAAGjggIiMIICHjAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFO1HBP+QqfO+dhvj5nr6vAr/mlOHMB8GA1Ud
IwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggr
BgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggr
BgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYD
VR0RBCYwJIIHYXdlbi5tZYIMZmlsZS5hd2VuLm1lggt3d3cuYXdlbi5tZTCB/gYD
VR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUH
AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyB
m1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVs
eWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2Vy
dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3Jn
L3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAM74q3r2wOgyAfcg1atlgz
MChtVGaKTllk4tdS8OJKzhIFBR77NG7gHd1lzs/yQr4l3WYv4T2T5+Ayp4c95fvb
uWqMsrD3sL30MBhqCeXdccJlckWUfsejmUOEAzyqtscAtrIw3ksQLOmlibf326TJ
sIMV+oHsg9arSHUj2Z4hzMDxbH2jl+6J3HlszPmufUS2HRRMD9KGJFUECsmPnD+w
dUeBLOlcuNwcClH0KCHgqJcO+ZDGTk/hvbYNRGnpfVbJ/06MGEhKd+uKwurPy5sp
+mTOh22TTsN0wqc177L0CGy7E9NMr/erhOuaiEOhgHEI5atyueZmlfHz/Xkv49yV
-----END CERTIFICATE-----
查看证书信息
➜ Downloads openssl x509 -noout -text -in awen.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:7a:70:af:cb:ad:3a:0f:48:f3:f5:d3:27:ef:30:74:94:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Oct 11 00:03:38 2017 GMT
Not After : Jan 9 00:03:38 2018 GMT
Subject: CN=awen.me
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ad:0a:e2:16:9e:91:ef:9f:a2:e6:ee:dc:20:52:
59:33:cb:5b:fa:8f:5b:50:ff:20:f1:5b:27:7c:82:
f3:a4:18:98:4b:4e:50:1e:a5:77:64:2d:0b:04:c3:
64:11:a4:6c:68:3a:fb:0e:db:c2:bd:30:7e:01:d5:
b6:8b:1b:29:79:4d:b3:67:64:01:48:50:ea:e4:0c:
13:2f:68:f1:54:15:85:ca:db:2a:ad:75:27:e4:cb:
d0:03:dc:b9:12:8d:17:03:32:ca:6a:9b:db:48:aa:
30:58:ca:ee:fc:96:89:99:47:f0:20:71:57:8f:60:
fc:18:7c:e3:73:68:4f:09:e0:db:c2:2e:77:85:23:
e7:f3:89:f3:6e:aa:99:14:b7:5f:30:a5:60:69:fe:
85:42:d7:f9:67:ef:84:a1:56:66:1c:ce:0f:48:a9:
35:fc:bf:0e:7c:31:69:41:7a:62:0b:38:8e:34:13:
15:c3:9c:e1:da:ed:97:71:16:5d:65:28:fb:55:8d:
f4:23:47:76:d2:f3:80:ec:8f:b5:c1:a8:36:0b:7b:
7b:49:35:e7:74:fa:44:c9:22:04:05:86:c8:47:91:
ca:43:a4:c3:d6:ef:ca:c3:cf:f7:b5:6a:40:36:a3:
44:72:fd:6c:c0:9d:ff:5d:38:90:df:8e:f7:7b:16:
c0:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
ED:47:04:FF:90:A9:F3:BE:76:1B:E3:E6:7A:FA:BC:0A:FF:9A:53:87
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:awen.me, DNS:file.awen.me, DNS:www.awen.me
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
Signature Algorithm: sha256WithRSAEncryption
0c:ef:8a:b7:af:6c:0e:83:20:1f:72:0d:5a:b6:58:33:30:28:
6d:54:66:8a:4e:59:64:e2:d7:52:f0:e2:4a:ce:12:05:05:1e:
fb:34:6e:e0:1d:dd:65:ce:cf:f2:42:be:25:dd:66:2f:e1:3d:
93:e7:e0:32:a7:87:3d:e5:fb:db:b9:6a:8c:b2:b0:f7:b0:bd:
f4:30:18:6a:09:e5:dd:71:c2:65:72:45:94:7e:c7:a3:99:43:
84:03:3c:aa:b6:c7:00:b6:b2:30:de:4b:10:2c:e9:a5:89:b7:
f7:db:a4:c9:b0:83:15:fa:81:ec:83:d6:ab:48:75:23:d9:9e:
21:cc:c0:f1:6c:7d:a3:97:ee:89:dc:79:6c:cc:f9:ae:7d:44:
b6:1d:14:4c:0f:d2:86:24:55:04:0a:c9:8f:9c:3f:b0:75:47:
81:2c:e9:5c:b8:dc:1c:0a:51:f4:28:21:e0:a8:97:0e:f9:90:
c6:4e:4f:e1:bd:b6:0d:44:69:e9:7d:56:c9:ff:4e:8c:18:48:
4a:77:eb:8a:c2:ea:cf:cb:9b:29:fa:64:ce:87:6d:93:4e:c3:
74:c2:a7:35:ef:b2:f4:08:6c:bb:13:d3:4c:af:f7:ab:84:eb:
9a:88:43:a1:80:71:08:e5:ab:72:b9:e6:66:95:f1:f3:fd:79:
2f:e3:dc:95
显示证书信息
openssl s_client -connect www.alipay.com:443 -showcerts