[实例] x509 命令(读取一个证书的信息)

[root@monitor ssl.crt]# openssl x509 -text -in mail.bob.com.crt 
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 0 (0x0)                                                                                            # 注释 :序列号固定都是 0 ,除非指定了 -set_serial
        Signature Algorithm: md5WithRSAEncryption                                                                # 注释 :签名的算法是 md5(消息摘要)+ RSA (公钥加密)
        Issuer: C=CN, ST=GD, L=GZ, O=NAP, OU=Maintenance, 
CN=mail.bob.com./[email protected]      # 注释 :issuer 字段的值
        Validity
            Not Before: Feb 19 02:18:10 2008 GMT                                                                                        # 注释 :证书的启用时间
            Not After : Feb 18 02:18:10 2009 GMT                                                                                         # 注释 :证书的国企时间
        Subject: C=CN, ST=GD, L=GZ, O=NAP, OU=Maintenance, 
CN=mail.bob.com./[email protected]     # 注释 :subject 字段的值
 
        Subject Public Key Info:                        # 注释 :下面是公钥的信息,要注意,这个公钥是证书所以有人的公钥,而不是 CA 的公钥,所以证书中会嵌入所有者的公钥信息
            Public Key Algorithm: rsaEncryption                            # 注释 :公钥算法 :RSA 
            RSA Public Key: (1024 bit)                                        # 注释 :公钥长度 :1024 bits
                Modulus (1024 bit):                    51:c4:96:4d:55:15:de:65:84:16:68:38:af:27:56:    # 注释 :Modulus(1024 bits)
                    6a:12:5a:95:a3:f7:69:39:a8:9e:7d:67:47:ff:13:
                    da:59:32:1a:ce:06:5b:89:c3:02:1b:7e:90:49:44:
                    4e:23:13:1f:ad:87:8e:51:73:c3:0e:bf:ee:06:81:
                    dd:46:95:4d:36:3a:1f:66:cb:e3:ff:71:23:56:9c:
                    f6:e5:a8:fe:c8:01:27:d2:53:56:35:4f:a5:19:22:
                    cb:da:04:49:29:0d:92:b6:4d
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption                        # 注释 :下面是数字签名部分,就是用 CA 的私钥对 CSR 生成一个摘要,再进行加密
        41:7c:32:37:51:55:a0:34:95:17:58:32:c7:0f:f5:da:dd:34:
        e4:4a:cb:c3:5d:df:33:ef:87:fe:fa:4a:59:8e:c3:05:6f:54:
        cb:0e:f1:b3:ad:4d:67:09:3f:71:78:49:53:1d:03:76:d0:f0:
        4d:27:c0:33:36:26:7d:2a:81:4c:b1:f7:24:62:66:24:12:64:
        73:92:f4:11:6d:4b:bf:a1:ca:00:a1:32:29:e8:2b:c7:fb:3b: 
        3b:0d:7d:97:71:be:8d:a8:ae:5e:39:b0:57:ed:3e:42:db:ed:
        67:bd:5c:2a:a8:e9:8a:2d:1a:4d:d1:f2:13:fa:69:0b:b3:bd:
        17:ed
-----BEGIN CERTIFICATE-----                                                                            # 注释 :这里包含了部分 CSR 的内容
MIICcTCCAdoCAQAwDQYJKoZIhvcNAQEEBQAwgYAxCzAJBgNVBAYTAkNOMQswCQYD
VQQIEwJHRDELMAkGA1UEBxMCR1oxDDAKBgNVBAoTA05BUDEUMBIGA1UECxMLTWFp
bnRlbmFuY2UxFjAUBgNVBAMTDW1haWwuYm9iLmNvbS4xGzAZBgkqhkiG9w0BCQEW
DGFpbG1zQHFxLmNvbTAeFw0wODAyMTkwMjE4MTBaFw0wOTAyMTgwMjE4MTBaMIGA
MQswCQYDVQQGEwJDTjELMAkGA1UECBMCR0QxCzAJBgNVBAcTAkdaMQwwCgYDVQQK
EwNOQVAxFDASBgNVBAsTC01haW50ZW5hbmNlMRYwFAYDVQQDEw1tYWlsLmJvYi5j
b20uMRswGQYJKoZIhvcNAQkBFgxhaWxtc0BxcS5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBALU+HImxh60mrJJilA1dTEjZmbW+zv+ovi9MtWbKUcSWTVUV
3mWEFmg4rydWahJalaP3aTmonn1nR/8T2lkyGs4GW4nDAht+kElETiMTH62HjlFz
ww6/7gaB3UaVTTY6H2bL4/9xI1ac9uWo/sgBJ9JTVjVPpRkiy9oESSkNkrZNAgMB
AAEwDQYJKoZIhvcNAQEEBQADgYEAQXwyN1FVoDSVF1gyxw/12t005ErLw13fM++H
/vpKWY7DBW9Uyw7xs61NZwk/cXhJUx0DdtDwTSfAMzYmfSqBTLH3JGJmJBJkc5L0
EW1Lv6HKAKEyKegrx/s7Ow19l3G+jaiuXjmwV+0+QtvtZ71cKqjpii0aTdHyE/pp
C7O9F+0=
-----END CERTIFICATE-----
[root@monitor ssl.crt]#

你可能感兴趣的:(linux)