Können Sie bei Verwendung des persönlichen Stammzertifikats von Kaspersky Anti-Virus das Zertifikat der Website anzeigen?
... kann das SSL-Zertifikat für die Website selbst angezeigt werden?
Sie sollten es können, müssen dies aber außerhalb des Browsers tun. Google verwendet beispielsweise OpenSSLs s_client
:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout ... Certificate: Data: Version: 3 (0x2) Serial Number: 3497310530607939837 (0x3088f165e61e80fd) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2 Validity Not Before: Feb 11 11:17:05 2016 GMT Not After : May 11 00:00:00 2016 GMT Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d4:90:20:6e:c9:e9:f7:1b:ce:57:59:b3:ee:45: 13:e1:e0:d1:7d:68:b2:05:69:c0:e1:0d:77:2c:89: 10:ea:b4:0a:d9:d5:5b:8d:a9:ac:9a:98:2b:b6:33: 1d:ba:53:8b:e0:1a:df:d9:01:fe:83:24:3f:6d:af: 0a:4b:c5:e0:de:75:7e:76:81:19:e0:c4:a8:ae:1f: 09:21:40:31:43:a7:52:d7:53:9c:f2:69:cc:2f:78: ef:39:d8:ad:d4:b2:4b:7d:8c:c5:70:8b:90:c7:48: f9:57:c2:69:85:b9:ba:4b:cb:17:f4:b1:1a:a9:e6: 50:60:ca:78:5a:7a:16:91:44:a9:56:4e:59:0f:93: 0d:23:a1:53:3c:5b:47:38:9d:76:ff:f7:b2:c2:ce: fd:09:d7:49:48:5e:39:fb:71:e8:b8:90:59:44:ed: 85:14:15:a1:4b:67:a7:66:40:3b:04:58:0a:6c:06: aa:df:71:f2:02:74:82:14:ad:4c:98:5a:09:53:82: 1e:40:2b:36:78:7e:31:8e:36:20:c5:c8:59:9a:dd: 8b:8e:24:2b:9e:8d:4f:94:d6:6b:0d:a2:7e:5e:a4: 7d:14:ac:c0:8a:17:5c:7a:c8:00:46:9c:24:75:50: a5:be:ec:51:d1:60:99:2f:6d:94:17:77:ce:63:09: 01:29 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:www.google.com Authority Information Access: CA Issuers - URI:http://pki.google.com/GIAG2.crt OCSP - URI:http://clients1.google.com/ocsp X509v3 Subject Key Identifier: 4F:C7:02:93:EC:46:43:9C:34:43:03:3E:CB:18:CB:4E:7A:B4:0E:DE X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.11129.2.5.1 Policy: 2.23.140.1.2.2 X509v3 CRL Distribution Points: Full Name: URI:http://pki.google.com/GIAG2.crl Signature Algorithm: sha256WithRSAEncryption 19:5a:93:63:e9:3b:8a:f2:80:01:70:a9:02:8a:51:84:23:3b: 94:77:9b:4a:e1:38:d4:a1:8c:51:1d:67:79:a1:03:b5:1f:0d: c7:77:d8:52:64:92:55:77:c0:d9:0e:1c:6a:ff:f2:a9:56:04: 66:90:66:ca:e1:21:4a:45:cd:06:09:64:23:58:75:3f:84:23: 7b:d1:c9:bb:d8:b2:d0:4f:f2:4a:09:9d:6e:cf:14:2a:8b:8e: 52:f7:a6:8b:16:14:bc:13:71:e7:b0:50:e8:a0:04:c0:c7:c6: 89:13:67:19:a0:41:da:99:83:48:bb:ed:e3:f5:b4:29:bf:bc: 2b:95:2c:3b:54:ca:cf:5a:df:00:51:47:2d:cd:5a:7d:fb:e0: 15:bf:34:9e:a0:8b:ff:ba:80:57:e0:d3:c5:71:12:df:48:49: 98:13:d1:95:ef:68:b4:f4:50:77:0e:51:3e:98:e5:8f:31:57: a4:6a:8f:73:0b:9d:b4:ec:db:4d:04:c2:6a:ad:ec:5c:ac:02: 3a:0a:c1:96:f3:2a:53:02:f3:7a:19:94:17:80:ff:0f:4e:5d: 19:f4:b9:18:ba:89:dd:62:5d:01:39:da:4a:28:f8:32:39:84: 69:ef:5d:3b:5c:d0:9d:38:10:30:93:7b:2c:ee:0b:a2:9f:e5: 17:0c:cf:81
Sie können den Überprüfungsfehler löschen : num = 20: Kein Problem mit dem lokalen Ausstellerzertifikat mithilfe der -CAfile
Option:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com -CAfile GeoTrust-Root.pem