Checking the validity period of an SSL certificate
A: Checking the validity period of a local certificate file
# openssl x509 -noout -dates -in /etc/pki/tls/certs/ca-bundle.crt
notBefore=May 5 09:37:37 2011 GMT
notAfter=Dec 31 09:37:37 2030 GMT
B: Checking the validity period of a server-side certificate
---HTTPS
# openssl s_client -connect baidu.com:443 </dev/null | openssl x509 -noout -enddate
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = CN, L = Beijing, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", OU = service operation department, CN = www.baidu.cn
verify return:1
notAfter=Mar 17 12:00:00 2020 GMT
---SMTP
# openssl s_client -connect smtp.163.com:25 -starttls smtp </dev/null | openssl x509 -noout -dates
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust RSA CA 2018
verify return:1
depth=0 C = CN, ST = Zhejiang, L = Hangzhou, O = "NetEase (Hangzhou) Network Co.,Ltd", OU = Game Dep., CN = *.163.com
verify return:1
250 8BITMIME
notBefore=Dec 20 00:00:00 2018 GMT
notAfter=Mar 20 12:00:00 2020 GMT
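Added example (not part of the original page): `openssl x509 -in <bundle>` decodes only the first certificate in a bundle file, so the sketch below classifies a `notAfter=` line against a warning threshold and applies that check to every certificate in a bundle. The function names `expiry_status` and `audit_bundle` are hypothetical, and GNU `date -d` is assumed for parsing.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU date for -d parsing.

# expiry_status LINE NOW_EPOCH WARN_DAYS
# LINE is one "notAfter=..." line as printed by `openssl x509 -noout -enddate`.
# Prints "EXPIRED", "EXPIRING <days>" or "OK <days>" (whole days, rounded down).
expiry_status() {
    es_end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    es_left=$(( es_end - $2 ))
    if [ "$es_left" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$es_left" -le $(( $3 * 86400 )) ]; then
        echo "EXPIRING $(( es_left / 86400 ))"
    else
        echo "OK $(( es_left / 86400 ))"
    fi
}

# audit_bundle FILE WARN_DAYS
# `openssl x509 -in FILE` decodes only the first PEM block, so hand each
# certificate in the bundle to its own openssl process and classify it.
audit_bundle() {
    ab_now=$(date -u +%s)
    awk -v cmd='openssl x509 -noout -subject -enddate' '
        /-----BEGIN CERTIFICATE-----/ { on = 1 }
        on { print | cmd }
        /-----END CERTIFICATE-----/ { on = 0; close(cmd) }' "$1" |
    while IFS= read -r ab_line; do
        case $ab_line in
            subject=*)  ab_subj=${ab_line#subject=} ;;
            notAfter=*) printf '%s\t%s\n' \
                            "$(expiry_status "$ab_line" "$ab_now" "$2")" "$ab_subj" ;;
        esac
    done
}

# Constructed demo: the two server notAfter values shown above, evaluated as
# if "now" were 2020-01-01 00:00:00 UTC (epoch 1577836800), 90-day warning.
DEMO_NOW=1577836800
for demo_line in "notAfter=Mar 17 12:00:00 2020 GMT" \
                 "notAfter=Mar 20 12:00:00 2020 GMT"; do
    expiry_status "$demo_line" "$DEMO_NOW" 90
done

# Real use: sh script.sh /etc/pki/tls/certs/ca-bundle.crt 30
if [ "$#" -ge 1 ] && [ -r "$1" ]; then
    audit_bundle "$1" "${2:-30}"
fi
```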
Checking the subject and issuer of an SSL certificate
# openssl x509 -noout -subject -in /etc/pki/tls/certs/ca-bundle.crt
subject= /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES
# openssl x509 -noout -issuer -in /etc/pki/tls/certs/ca-bundle.crt
issuer= /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES
Inspecting the contents of an SSL certificate file
# openssl x509 -noout -text -in /etc/pki/tls/certs/ca-bundle.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6828503384748696800 (0x5ec3b7a6437fa4e0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
Validity
Not Before: May 5 09:37:37 2011 GMT
Not After : Dec 31 09:37:37 2030 GMT
Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
CA Issuers - URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt
OCSP - URI:http://ocsp.accv.es
X509v3 Subject Key Identifier:
D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
keyid:D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
User Notice:
Explicit Text:
CPS: http://www.accv.es/legislacion_c.htm
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
email:accv@accv.es
Signature Algorithm: sha1WithRSAEncryption
# openssl asn1parse -in /etc/pki/tls/certs/ca-bundle.crt
0:d=0 hl=4 l=2003 cons: SEQUENCE
4:d=1 hl=4 l=1467 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 8 prim: INTEGER :5EC3B7A6437FA4E0
23:d=2 hl=2 l= 13 cons: SEQUENCE
25:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
36:d=3 hl=2 l= 0 prim: NULL
38:d=2 hl=2 l= 66 cons: SEQUENCE
40:d=3 hl=2 l= 18 cons: SET
42:d=4 hl=2 l= 16 cons: SEQUENCE
44:d=5 hl=2 l= 3 prim: OBJECT :commonName
49:d=5 hl=2 l= 9 prim: UTF8STRING :ACCVRAIZ1
60:d=3 hl=2 l= 16 cons: SET
62:d=4 hl=2 l= 14 cons: SEQUENCE
64:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
69:d=5 hl=2 l= 7 prim: UTF8STRING :PKIACCV
78:d=3 hl=2 l= 13 cons: SET
80:d=4 hl=2 l= 11 cons: SEQUENCE
82:d=5 hl=2 l= 3 prim: OBJECT :organizationName
87:d=5 hl=2 l= 4 prim: UTF8STRING :ACCV
93:d=3 hl=2 l= 11 cons: SET
95:d=4 hl=2 l= 9 cons: SEQUENCE
97:d=5 hl=2 l= 3 prim: OBJECT :countryName
102:d=5 hl=2 l= 2 prim: PRINTABLESTRING :ES
106:d=2 hl=2 l= 30 cons: SEQUENCE
108:d=3 hl=2 l= 13 prim: UTCTIME :110505093737Z
123:d=3 hl=2 l= 13 prim: UTCTIME :301231093737Z
138:d=2 hl=2 l= 66 cons: SEQUENCE
140:d=3 hl=2 l= 18 cons: SET
142:d=4 hl=2 l= 16 cons: SEQUENCE
144:d=5 hl=2 l= 3 prim: OBJECT :commonName
149:d=5 hl=2 l= 9 prim: UTF8STRING :ACCVRAIZ1
160:d=3 hl=2 l= 16 cons: SET
162:d=4 hl=2 l= 14 cons: SEQUENCE
164:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
169:d=5 hl=2 l= 7 prim: UTF8STRING :PKIACCV
178:d=3 hl=2 l= 13 cons: SET
180:d=4 hl=2 l= 11 cons: SEQUENCE
182:d=5 hl=2 l= 3 prim: OBJECT :organizationName
187:d=5 hl=2 l= 4 prim: UTF8STRING :ACCV
193:d=3 hl=2 l= 11 cons: SET
195:d=4 hl=2 l= 9 cons: SEQUENCE
197:d=5 hl=2 l= 3 prim: OBJECT :countryName
202:d=5 hl=2 l= 2 prim: PRINTABLESTRING :ES
206:d=2 hl=4 l= 546 cons: SEQUENCE
210:d=3 hl=2 l= 13 cons: SEQUENCE
212:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
223:d=4 hl=2 l= 0 prim: NULL
225:d=3 hl=4 l= 527 prim: BIT STRING
756:d=2 hl=4 l= 715 cons: cont [ 3 ]
760:d=3 hl=4 l= 711 cons: SEQUENCE
764:d=4 hl=2 l= 125 cons: SEQUENCE
766:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
776:d=5 hl=2 l= 113 prim: OCTET STRING [HEX DUMP]:306F304C06082B060105050730028640687474703A2F2F7777772E616363762E65732F66696C6561646D696E2F4172636869766F732F636572746966696361646F732F7261697A61636376312E637274301F06082B060105050730018613687474703A2F2F6F6373702E616363762E6573
891:d=4 hl=2 l= 29 cons: SEQUENCE
893:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
898:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414D287B4E3DF37279355F656EA81E536CC8C1E3FBD
922:d=4 hl=2 l= 15 cons: SEQUENCE
924:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
929:d=5 hl=2 l= 1 prim: BOOLEAN :255
932:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
939:d=4 hl=2 l= 31 cons: SEQUENCE
941:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
946:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014D287B4E3DF37279355F656EA81E536CC8C1E3FBD
972:d=4 hl=4 l= 371 cons: SEQUENCE
976:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
981:d=5 hl=4 l= 362 prim
1347:d=4 hl=2 l= 85 cons: SEQUENCE
1349:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
1354:d=5 hl=2 l= 78 prim: OCTET STRING [HEX DUMP]:304C304AA048A0468644687474703A2F2F7777772E616363762E65732F66696C6561646D696E2F4172636869766F732F636572746966696361646F732F7261697A61636376315F6465722E63726C
1434:d=4 hl=2 l= 14 cons: SEQUENCE
1436:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
1441:d=5 hl=2 l= 1 prim: BOOLEAN :255
1444:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
1450:d=4 hl=2 l= 23 cons: SEQUENCE
1452:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
1457:d=5 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:300E810C6163637640616363762E6573
1475:d=1 hl=2 l= 13 cons: SEQUENCE
1477:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1488:d=2 hl=2 l= 0 prim: NULL
1490:d=1 hl=4 l= 513 prim: BIT STRING
2007:d=0 hl=2 l= 15 cons: SET
2009:d=1 hl=2 l= 13 cons: SEQUENCE
2011:d=2 hl=2 l= 3 prim: OBJECT :organizationName
2016:d=2 hl=2 l= 6 prim: UTF8STRING :EDICOM
2024:d=0 hl=2 l= 11 cons: SET
2026:d=1 hl=2 l= 9 cons: SEQUENCE
2028:d=2 hl=2 l= 3 prim: OBJECT :countryName
2033:d=2 hl=2 l= 2 prim: PRINTABLESTRING :ES
2037:d=0 hl=4 l= 546 cons: SEQUENCE
2041:d=1 hl=2 l= 13 cons: SEQUENCE
2043:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
2054:d=2 hl=2 l= 0 prim: NULL
2056:d=1 hl=4 l= 527 prim: BIT STRING
2587:d=0 hl=3 l= 170 cons: cont [ 3 ]
2590:d=1 hl=3 l= 167 cons: SEQUENCE
2593:d=2 hl=2 l= 15 cons: SEQUENCE
2595:d=3 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
2600:d=3 hl=2 l= 1 prim: BOOLEAN :255
2603:d=3 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
2610:d=2 hl=2 l= 31 cons: SEQUENCE
2612:d=3 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
2617:d=3 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A6B3E12B2B49B6D773A1AA94F501E773654CAC50
2643:d=2 hl=2 l= 14 cons: SEQUENCE
2645:d=3 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
2650:d=3 hl=2 l= 1 prim: BOOLEAN :255
2653:d=3 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020186
2659:d=2 hl=2 l= 29 cons: SEQUENCE
2661:d=3 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
2666:d=3 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A6B3E12B2B49B6D773A1AA94F501E773654CAC50
2690:d=2 hl=2 l= 68 cons: SEQUENCE
2692:d=3 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
2697:d=3 hl=2 l= 61 prim: OCTET STRING [HEX DUMP]:303B30390604551D20003031302F06082B060105050702011623687474703A2F2F6163656469636F6D2E656469636F6D67726F75702E636F6D2F646F63
2760:d=0 hl=2 l= 13 cons: SEQUENCE
2762:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
2773:d=1 hl=2 l= 0 prim: NULL
2775:d=0 hl=4 l= 513 prim: BIT STRING
3292:d=0 hl=2 l= 52 prim:
3346:d=0 hl=2 l= 8 prim: EXTERNAL
Error in encoding
140565697197984:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157: