So erhalten Sie das Zertifikat meiner Serveradresse: 10.112. . : 443 Wie machen wir das mit dem Befehl in Windows?
Installieren Sie Win32 OpenSSL von Shining Light Production . Die Befehle sind unabhängig vom Betriebssystem gleich. Dann (aus einer OS X-Box):
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | \ openssl x509 -text -noout depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=20:unable to get local issuer certificate Certificate: Data: Version: 3 (0x2) Serial Number: 2625022969251558231 (0x246df47b897af357) Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Google Inc, CN = Google Internet Authority G2 Validity Not Before: Jun 30 15:20:05 2016 GMT Not After : Sep 22 14:53:00 2016 GMT Subject: C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ac:49:83:56:dc:06:b5:1b:77:7f:49:25:81:1e: 20:be:ea:06:6f:d5:61:a1:d8:f1:7c:ec:f6:15:53: cf:35:42:13:3e:40:49:80:00:0e:85:b7:91:25:96: 59:2d:c9:9e:5f:95:e6:24:6b:c8:7d:0c:a6:fa:0e: 8f:a2:6a:0c:b1:14:3b:70:85:c4:b2:14:d2:2d:39: 31:74:06:f6:08:e9:bb:89:50:e9:fb:bd:ce:45:40: 45:b5:31:58:a4:3a:74:61:fc:53:ba:6a:06:f8:4c: de:b8:72:34:1e:02:6b:09:43:65:7b:5f:c6:2f:ee: ef:8f:e0:b4:b7:9d:d7:dc:24:b1:0a:51:21:1a:80: f3:f1:cc:2f:9e:21:79:49:62:a2:22:b5:b2:e0:9f: 38:ca:e1:a2:ba:0c:9e:6d:d4:19:50:e9:40:7d:8e: 93:91:63:55:bc:1e:e1:7c:82:b5:dd:e2:79:85:93: dd:54:67:f4:92:c9:a0:22:d2:46:0e:f0:0e:b4:43: 0d:ff:9a:a2:12:53:6c:7d:1a:c0:82:54:a3:36:1c: 40:43:bf:bc:ce:19:51:40:96:fa:35:e8:12:f6:3f: 45:c9:7c:ac:5f:25:ff:62:3d:dd:66:c4:87:7f:3c: fc:45:ff:db:11:dc:59:eb:27:91:10:d0:6e:e0:fd: 2a:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:www.google.com Authority Information Access: CA Issuers - URI:http://pki.google.com/GIAG2.crt OCSP - URI:http://clients1.google.com/ocsp X509v3 Subject Key Identifier: 48:59:57:0D:D3:48:20:96:1B:7D:7A:3F:69:1D:DF:E4:5E:C4:21:6B X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.11129.2.5.1 Policy: 2.23.140.1.2.2 X509v3 CRL Distribution Points: Full Name: URI:http://pki.google.com/GIAG2.crl Signature Algorithm: sha256WithRSAEncryption 1d:0e:32:85:6e:d6:db:3b:a3:7e:f3:19:22:33:38:57:50:61: 45:89:2e:30:f1:26:2f:b4:29:45:b6:9d:86:94:63:fa:b8:dc: 3c:08:2a:27:01:14:46:bc:a4:d7:ba:a3:63:1e:9f:4a:0e:88: 79:0a:6b:c6:4b:11:04:73:bd:79:a8:48:36:1f:38:a4:fa:4a: ae:e5:71:f9:0d:00:8b:c4:3d:6a:44:2e:85:e2:dd:05:fc:61: a7:92:bf:71:38:ad:ae:5f:06:c0:dc:53:da:ec:a4:85:bb:00: 2f:30:7b:d0:33:fd:01:c0:ed:9e:69:fe:5a:22:ab:cb:bb:07: 0d:0b:a7:eb:ef:45:0f:5f:7f:c9:d4:27:0a:27:94:f5:c4:de: 74:31:ef:7b:ac:ca:c4:20:0a:6d:9b:55:80:5f:ff:4a:8d:66: e9:ae:aa:c7:7b:29:76:c8:99:de:e6:66:71:2f:cd:dd:79:45: 49:a8:28:db:0e:20:78:f2:18:df:3e:22:13:8f:07:05:bf:95: 21:bd:d3:0d:1c:a8:ca:39:04:a7:d9:e5:57:ef:48:b7:18:f5: dc:25:76:2c:b0:fb:25:b2:cf:31:fe:71:a9:53:b9:d6:37:a5: 65:f6:0c:da:7e:3f:e4:87:78:7f:05:63:5d:67:a3:ad:50:47: 32:c8:a3:fb
Wenn der obige Text Sie zufrieden stellt, geben Sie einfach Folgendes ein:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | \ openssl x509 -text -noout > certificate.txt
Wenn Sie es in einer Datei im ASN.1 / DER- oder PEM-Format speichern möchten, anstatt es anzuzeigen ( -text -noout
), sollten Sie einige der anderen openssl x509
Optionen auschecken .