A simple introduction to the openssl x509 command

openssl is a powerful open-source toolkit that can carry out all kinds of SSL-related operations.

Command overview

Running openssl -help gives the following output:

openssl:Error: '-help' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             srp               ts                verify            
version           x509              

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          zlib              

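The list above shows that openssl provides a large number of commands, and each command has its own options. Today I will get familiar with the x509 command.

Running openssl x509 -help lists all the options of x509. There are a lot of them, more than 50.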

 -inform arg     - input format - default PEM (one of DER, NET or PEM)
 -outform arg    - output format - default PEM (one of DER, NET or PEM)
 -keyform arg    - private key format - default PEM
 -CAform arg     - CA format - default PEM
 -CAkeyform arg  - CA key format - default PEM
 -in arg         - input file - default stdin
 -out arg        - output file - default stdout
 -passin arg     - private key password source
 -serial         - print serial number value
 -subject_hash   - print subject hash value
 -subject_hash_old   - print old-style (MD5) subject hash value
 -issuer_hash    - print issuer hash value
 -issuer_hash_old    - print old-style (MD5) issuer hash value
 -hash           - synonym for -subject_hash
 -subject        - print subject DN
 -issuer         - print issuer DN
 -email          - print email address(es)
 -startdate      - notBefore field
 -enddate        - notAfter field
 -purpose        - print out certificate purposes
 -dates          - both Before and After dates
 -modulus        - print the RSA key modulus
 -pubkey         - output the public key
 -fingerprint    - print the certificate fingerprint
 -alias          - output certificate alias
 -noout          - no certificate output
 -ocspid         - print OCSP hash values for the subject name and public key
 -ocsp_uri       - print OCSP Responder URL(s)
 -trustout       - output a "trusted" certificate
 -clrtrust       - clear all trusted purposes
 -clrreject      - clear all rejected purposes
 -addtrust arg   - trust certificate for a given purpose
 -addreject arg  - reject certificate for a given purpose
 -setalias arg   - set certificate alias
 -days arg       - How long till expiry of a signed certificate - def 30 days
 -checkend arg   - check whether the cert expires in the next arg seconds
                   exit 1 if so, 0 if not
 -signkey arg    - self sign cert with arg
 -x509toreq      - output a certification request object
 -req            - input is a certificate request, sign and output.
 -CA arg         - set the CA certificate, must be PEM format.
 -CAkey arg      - set the CA key, must be PEM format
                   missing, it is assumed to be in the CA file.
 -CAcreateserial - create serial number file if it does not exist
 -CAserial arg   - serial file
 -set_serial     - serial number to use
 -text           - print the certificate in text form
 -C              - print out C code forms
 -md2/-md5/-sha1/-mdc2 - digest to use
 -extfile        - configuration file with X509V3 extensions to add
 -extensions     - section from config file with X509V3 extensions to add
 -clrext         - delete extensions before signing and input certificate
 -nameopt arg    - various certificate name options
 -engine e       - use engine e, possibly a hardware device.
 -certopt arg    - various certificate text options
 -checkhost host - check certificate matches "host"
 -checkemail email - check certificate matches "email"
 -checkip ipaddr - check certificate matches "ipaddr"

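inform and outform: each takes one of three values: DER, NET or PEM. The default is PEM. They control the format of the input and output files.

keyform: sets the format of the private key. The default is PEM.

CAform: sets the format of the CA certificate. The default is PEM.

CAkeyform: sets the format of the CA key. The default is PEM.

in: the input file. The default is standard input.

out: the output file. The default is standard output.

passin: the source of the private key password.

serial: prints the serial number.

subject_hash: prints the hash of the subject name.

subject_hash_old: prints the old-style (MD5) hash of the subject name.

issuer_hash: prints the hash of the issuer name.

issuer_hash_old: prints the old-style (MD5) hash of the issuer name.

hash: the same as subject_hash.

subject: prints the subject DN.

issuer: prints the issuer DN.

email: prints the email address(es).

startdate: prints the start date (notBefore).

enddate: prints the end date (notAfter).

purpose: prints the certificate's purposes.

dates: prints both the start date and the end date.

modulus: prints the RSA key modulus.

pubkey: outputs the public key.

fingerprint: prints the certificate fingerprint.

alias: outputs the certificate alias.

noout: does not output the certificate itself.

ocspid: prints the OCSP hash values for the subject name and public key.

ocsp_uri: prints the OCSP responder URL(s).

trustout: outputs a "trusted" certificate.

clrtrust: clears all trusted purposes.

clrreject: clears all rejected purposes.

addtrust: trusts the certificate for a given purpose.

addreject: rejects the certificate for a given purpose.

setalias: sets the certificate alias.

days: sets how long a signed certificate is valid. The default is 30 days.

checkend: checks whether the certificate expires within the next arg seconds (exit status 1 if so, 0 if not).

signkey: self-signs the certificate with the key arg.

x509toreq: outputs a certificate request.

req: the input is a certificate request; sign it and output the result.

CA: sets the CA certificate, which must be in PEM format.

CAkey: sets the CA key, which must be in PEM format.

CAcreateserial: creates the serial number file if it does not exist.

CAserial: the serial number file.

set_serial: the serial number to use.

text: prints the certificate in text form.

C: prints the certificate as C code.

md2/md5/sha1/mdc2: the digest to use.

extfile: the configuration file with the X509v3 extensions to add.

extensions: the section of the configuration file with the X509v3 extensions to add.

clrext: deletes extensions from the input certificate before signing.

nameopt: various certificate name options.

engine: uses the given engine, possibly a hardware device.

certopt: various certificate text options.

checkhost: checks whether the certificate matches the given host.

checkemail: checks whether the certificate matches the given email address.

checkip: checks whether the certificate matches the given IP address.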

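Much of the above is a translation of the English help text, and some parts may not be translated accurately.

Below are some examples of how these options are used.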

Using the options

I prepared a Baidu certificate (baidu.pem) for the examples.

in

Entering openssl x509 -in baidu.pem on the command line prints the certificate's contents in PEM format.

noout

Entering openssl x509 -in baidu.pem -noout on the command line produces no output.

serial

Entering openssl x509 -in baidu.pem -noout -serial prints the certificate's serial number.

subject_hash

Entering openssl x509 -in baidu.pem -noout -subject_hash prints the hash of the certificate's subject.

subject_hash_old

Entering openssl x509 -in baidu.pem -noout -subject_hash_old prints the old-style (MD5) hash of the certificate's subject.

issuer_hash

Entering openssl x509 -in baidu.pem -noout -issuer_hash prints the hash of the certificate's issuer.

issuer_hash_old

Entering openssl x509 -in baidu.pem -noout -issuer_hash_old prints the old-style (MD5) hash of the certificate's issuer.

hash

Entering openssl x509 -in baidu.pem -noout -hash prints the hash of the certificate's subject.

We can see that -hash gives the same result as -subject_hash.

subject

Entering openssl x509 -in baidu.pem -noout -subject prints the certificate's subject.

issuer

Entering openssl x509 -in baidu.pem -noout -issuer prints the certificate's issuer.

email

Entering openssl x509 -in baidu.pem -noout -email prints the email address if the certificate contains one, and nothing otherwise. This Baidu certificate does not provide an email address, so nothing is printed.

startdate

Entering openssl x509 -in baidu.pem -noout -startdate prints the certificate's start date.

enddate

Entering openssl x509 -in baidu.pem -noout -enddate prints the certificate's end date.

purpose

Entering openssl x509 -in baidu.pem -noout -purpose prints the certificate's purposes.

dates

Entering openssl x509 -in baidu.pem -noout -dates prints the certificate's validity period.

modulus

Entering openssl x509 -in baidu.pem -noout -modulus prints the modulus of the certificate's RSA public key.

pubkey

Entering openssl x509 -in baidu.pem -noout -pubkey prints the certificate's public key.

fingerprint

Entering openssl x509 -in baidu.pem -noout -fingerprint prints the certificate's fingerprint.

alias

Entering openssl x509 -in baidu.pem -noout -alias prints the certificate's alias; if there is no alias, it prints \

ocspid

Entering openssl x509 -in baidu.pem -noout -ocspid prints the ocspid information if the certificate contains it, and nothing otherwise.

ocsp_uri

Entering openssl x509 -in baidu.pem -noout -ocsp_uri prints the OCSP URL.

text

Entering openssl x509 -in baidu.pem -noout -text prints the certificate information in text form:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:29:aa:20:fa:8a:8e:76:24:a2:19:36:f4:ad:1a:aa
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
        Validity
            Not Before: Sep 17 00:00:00 2015 GMT
            Not After : Aug 31 23:59:59 2016 GMT
        Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd., OU=service operation department, CN=baidu.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a8:72:cf:eb:76:51:bb:01:1e:16:51:1c:0e:64:
                    5b:26:59:f5:5b:82:20:16:3e:77:78:62:c0:e2:f6:
                    53:1e:09:2d:62:b4:27:07:3a:5d:9b:9a:3c:04:2f:
                    69:0b:1e:64:99:a6:f0:e6:d8:6c:82:7e:0a:00:72:
                    c1:8c:27:9e:f2:b2:6b:6c:06:65:50:a0:b3:0d:2a:
                    fa:df:fb:ac:f4:32:61:ac:a7:59:3b:2c:82:18:c0:
                    fb:d7:00:0e:d8:08:7e:53:1e:df:b0:a4:eb:ee:30:
                    28:27:eb:c5:dd:82:c5:20:73:2e:5e:40:51:ed:e6:
                    27:72:ea:c0:24:9a:5d:c2:f8:1b:b0:61:25:be:5e:
                    2f:bb:1c:11:d6:a0:d1:f0:30:07:c5:28:4a:5a:4c:
                    24:23:b2:40:68:74:3b:ed:93:d7:87:12:26:c4:01:
                    0f:0a:09:68:74:1c:5d:18:a9:b2:6b:d7:4e:b2:ec:
                    36:0b:92:b8:c6:b6:9e:ca:4e:59:bd:26:79:d2:95:
                    e1:69:2d:e8:4a:ac:2c:44:d1:c6:33:ab:7e:6f:d9:
                    2a:72:e0:3b:64:cb:ab:1b:d3:05:db:c6:76:8a:ee:
                    6b:14:2a:ef:59:48:2a:3d:0b:93:dd:6e:72:2e:a3:
                    eb:d0:3b:89:0d:8a:92:55:dd:02:89:c4:93:2e:cf:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:*.baidu.com, DNS:*.nuomi.com, DNS:*.hao123.com, DNS:*.bdstatic.com, DNS:www.baidu.com.cn, DNS:www.baidu.cn, DNS:sapi.map.baidu.com, DNS:loc.map.baidu.com, DNS:log.hm.baidu.com, DNS:baidu.com, DNS:api.map.baidu.com, DNS:console.bce.baidu.com, DNS:login.bce.baidu.com
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.2
                  CPS: https://d.symcb.com/cps
                  User Notice:
                    Explicit Text: https://d.symcb.com/rpa

            X509v3 Authority Key Identifier: 
                keyid:D7:9B:7C:D8:22:A0:15:F7:DD:AD:5F:CE:29:9B:58:C3:BC:46:00:B5

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://se.symcb.com/se.crl

            Authority Information Access: 
                OCSP - URI:http://se.symcd.com
                CA Issuers - URI:http://se.symcb.com/se.crt

    Signature Algorithm: sha1WithRSAEncryption
         2c:f7:8a:6d:8a:0e:9e:d2:1e:ef:30:a7:ff:e5:6f:d1:0e:0b:
         c7:58:d3:3a:b1:46:c4:53:67:4c:bc:44:f9:ca:aa:a6:f3:cd:
         00:e4:5f:15:96:bc:2a:cc:b9:eb:cc:ce:a0:c7:d6:07:04:06:
         94:10:ab:6a:b7:d1:d2:7b:a7:31:a3:76:80:bc:d3:51:7c:3a:
         a0:6d:04:2c:4c:0c:8e:83:c1:17:42:30:2f:c1:07:16:22:c4:
         15:ee:2b:da:9f:30:0b:d7:47:5d:50:36:75:a7:62:cf:da:13:
         05:2d:39:88:b3:ab:4e:b3:98:e4:68:3b:0e:43:2f:b1:4b:32:
         9a:c3:23:85:4e:bc:0f:7c:36:ce:8e:a8:b3:99:4e:66:5f:a2:
         a2:11:90:3f:6f:bb:fa:60:9a:45:0d:01:43:67:c0:b0:c0:1c:
         48:83:cd:35:f6:b0:11:f8:bc:20:4f:8d:b5:75:9f:36:27:12:
         90:af:af:c1:60:b7:e8:1b:d8:73:95:3b:f9:9e:9b:5b:64:5e:
         e6:df:e9:2d:56:b4:e6:8f:b9:ab:fe:aa:43:6c:7c:be:e3:6a:
         5a:8b:1a:e0:6a:4b:17:72:2d:16:d8:4b:f1:83:cd:a2:dd:32:
         e1:44:28:42:c5:dd:13:a4:51:a8:bf:fe:30:da:93:36:c5:1e:
         76:e0:c6:cd

C

Entering openssl x509 -in baidu.pem -noout -C in the console prints the certificate information as C code:

/* subject:/C=CN/ST=Beijing/L=Beijing/O=Beijing Baidu Netcom Science Technology Co., Ltd./OU=service operation department/CN=baidu.com */
/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3 */
unsigned char XXX_subject_name[171]={
};
unsigned char XXX_public_key[294]={
};
unsigned char XXX_certificate[1586]={
};

checkXXX

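checkhost checks whether a host name appears in the certificate, checkemail checks whether an email address appears in the certificate, and checkip checks whether the given IP address appears in the certificate's IP address entries.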
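
The check options above (-checkend, -checkhost) and the signature algorithm from -text can be combined into a small audit script. This is an added example, not part of the original post; the function names and the example.test host names are hypothetical, and it assumes an openssl CLI that supports -addext (1.1.1 or later) for generating the constructed test certificate.

```shell
#!/bin/sh
# Added example: audit one certificate with the x509 options covered above.
# Assumes the openssl CLI is installed (1.1.1+ for -addext in make_test_cert).

# Print the signature algorithm from the -text output,
# e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Return 0 if the named signature algorithm relies on a broken digest.
sig_alg_is_weak() {
    case "$1" in
        md2*|md4*|md5*|sha1*|*SHA1*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the certificate is still valid $2 seconds from now.
# -checkend exits 1 when the certificate expires within that window.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Return 0 if the certificate matches host name $2. -checkhost prints its
# verdict ("does match" / "does NOT match"), so the text is parsed.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# audit_cert CERT HOST MIN_SECONDS_LEFT
# Prints one finding per line; the return status is the number of findings.
audit_cert() {
    findings=0
    alg=$(cert_sig_alg "$1")
    if sig_alg_is_weak "$alg"; then
        echo "weak signature algorithm: $alg"
        findings=$((findings + 1))
    fi
    if ! cert_valid_for "$1" "$3"; then
        echo "expires within $3 seconds (or has already expired)"
        findings=$((findings + 1))
    fi
    if ! cert_matches_host "$1" "$2"; then
        echo "does not match host $2"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# make_test_cert OUTDIR
# Constructed sample input: a throwaway self-signed certificate valid for
# 30 days, for the hypothetical names example.test and *.example.test.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=example.test" \
        -addext "subjectAltName=DNS:example.test,DNS:*.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

Run against the Baidu certificate shown in the -text output above, audit_cert would flag both the sha1WithRSAEncryption signature and the Not After date in 2016.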

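There are still many commands I have not looked at, such as req; these seem to be related to generating certificates. I will cover them next time.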
