Using the OpenSSL command to Test the SSL Certificate
- Time: 2020-10-11 15:17:18
- Category: Web digest
- Views: 76
Usually, in the browser, by clicking the Lock icon, you can view the SSL certificate information.

[Image: SSL certification path]
We can also run the `openssl` command to view the server certificate (e.g. the SSL chain) on the command line. For example:
```
$ openssl s_client -connect helloacm.com:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
 1 s:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE5TCCBIugAwIBAgIQC5UFOgyjwCAycwdYqx90XzAKBggqhkjOPQQDAjBvMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
GTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkRmxhcmUg
SW5jIEVDQyBDQS0yMB4XDTIwMDMxOTAwMDAwMFoXDTIwMTAwOTEyMDAwMFowbTEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMR4wHAYDVQQDExVzbmkuY2xvdWRm
bGFyZXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdjmNNRSTaJQRg
3DBHzEMpKUtoNzciod0FgETrfMpPmtFjqKTVBywJenDP2SBmrYozrn3TpL4dQ3/X
PARGh74No4IDCTCCAwUwHwYDVR0jBBgwFoAUPnQtH89FdQR+P8Cihz5MQ4NRE8Yw
HQYDVR0OBBYEFPoMno5zzaoue3G90nO8fnAOFWzCMD4GA1UdEQQ3MDWCFXNuaS5j
bG91ZGZsYXJlc3NsLmNvbYIMaGVsbG9hY20uY29tgg4qLmhlbGxvYWNtLmNvbTAO
BgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHkG
A1UdHwRyMHAwNqA0oDKGMGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZEZs
YXJlSW5jRUNDQ0EyLmNybDA2oDSgMoYwaHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0Nsb3VkRmxhcmVJbmNFQ0NDQTIuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYG
Z4EMAQICMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au
ZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2Vy
dC5jb20vQ2xvdWRGbGFyZUluY0VDQ0NBLTIuY3J0MAwGA1UdEwEB/wQCMAAwggED
BgorBgEEAdZ5AgQCBIH0BIHxAO8AdQCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOey
SVMt74uQXgAAAXDz80rYAAAEAwBGMEQCIEl6oXM4EHydqzGMm8efrCUp4nEIaTKm
VbtHBTtarxxQAiBlhQ9R71vzf3M2M8UQEAN8yOVt0T5hl+Zb4yB+xDQ+UgB2APCV
pFnyANGCQBAtL5OIjq1L/h1H45nh0DSmsKiqjrJzAAABcPPzSyEAAAQDAEcwRQIh
AL4n31LbZn5nO+yXep4Kh0E4/4SMhpyBiOApVWLgWkjqAiBcWB6A4krBCl09ub8J
ttaFMV7+zPhjjTkt4toyrKu5iTAKBggqhkjOPQQDAgNIADBFAiAgA5xSHgF0Oa+f
dy8QoEUX7RCwTDQ+bSkfJ2A0JaAHBAIhAO6t2NuyqG8sLeEOEqj0L5Xqr72r4dRy
QpxHGpQRa3T7
-----END CERTIFICATE-----
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2507 bytes and written 394 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: 2369749FDF66D7BFD323F53958A27F6E45CDC2239A7FCDDCB1175A7C1C8B1466
    Session-ID-ctx:
    Resumption PSK: EEA87720335AD216961F713DB0544F8A7E5F42223DEB2DBA992483D24D75F60809373FF82BEFEA0692C248151CC2BDDE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - 24 29 83 3e 7e 68 72 88-be fe 43 06 e6 91 6b 2e   $).>~hr...C...k.
    0010 - 98 32 0b c2 4f 6f 60 d0-6b 60 e0 40 8b c6 03 62   .2..Oo`.k`.@...b
    0020 - 8f 8f 4c 25 ad 8c a1 22-c0 c7 47 94 5a 9e 97 18   ..L%..."..G.Z...
    0030 - 81 eb 2f 4a b6 4c 07 02-aa e0 91 43 95 1e d2 22   ../J.L.....C..."
    0040 - 6f 31 e5 2a 83 41 a1 6f-f9 ed 53 d2 0d 5d 89 cf   o1.*.A.o..S..]..
    0050 - 22 68 ad d9 bf 1d 49 b7-96 7f fc 09 6d 11 f5 f2   "h....I.....m...
    0060 - 2a 5d a6 35 f0 fb 54 f5-be 1a d8 1d 19 ec 80 40   *].5..T........@
    0070 - 57 15 cc a0 38 79 1d 47-34 75 81 73 77 ce ef d2   W...8y.G4u.sw...
    0080 - e9 17 ee 66 63 d2 2f c6-29 ce 74 f0 62 1d 49 b2   ...fc./.).t.b.I.
    0090 - bc c5 da 62 24 e3 42 97-b2 13 e2 97 ed 7c 2d dc   ...b$.B......|-.
    00a0 - d3 55 ac 3e 66 92 43 af-11 ba 41 60 66 c0 f4 f7   .U.>f.C...A`f...
    00b0 - 74 4a 1b 7c dd d9 8d 21-9b fe a0 ae 3f 97 37 4b   tJ.|...!....?.7K
    00c0 - ef c5 d5 34 31 93 30 ab-9f 8b 8b 2d f5 3f 21 1f   ...41.0....-.?!.

    Start Time: 1595760329
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 14336
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: B126A49538D22C054CC7A61988EAB35538A7953C1516C98A52513E81C6245B73
    Session-ID-ctx:
    Resumption PSK: 16E0F2E582F4AF8120E79B33C54CA75E64FEFA6B8EF5CF819C59AEA63A0DBB96DE445563EF1D6C87028CE71BE1B5D137
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - 24 29 83 3e 7e 68 72 88-be fe 43 06 e6 91 6b 2e   $).>~hr...C...k.
    0010 - bb 07 3e 5b c8 33 49 bf-c4 23 d4 0b 29 04 c7 61   ..>[.3I..#..)..a
    0020 - b9 63 d7 79 19 0d 00 55-fc 96 cc e4 2e d3 a5 d1   .c.y...U........
    0030 - 86 91 13 e1 5d b7 91 ef-e0 ef 1b 3d ed eb e0 c3   ....]......=....
    0040 - 74 a8 06 ce 03 8d 1e c0-a1 47 5e a1 94 3c 4c 60   t........G^..<L`
    0050 - 84 62 e2 87 c9 0b 63 32-f7 6c 32 20 8c 98 d3 e3   .b....c2.l2 ....
    0060 - f9 73 47 61 dd 1e 26 48-e7 46 ee 9a 47 bf 01 af   .sGa..&H.F..G...
    0070 - 78 51 a8 2d 20 cd ee 1a-c2 5f 88 c0 c8 70 ba 8a   xQ.- ...._...p..
    0080 - a7 99 d3 ba 23 46 d0 bd-e0 3d b4 82 b5 e9 7e 64   ....#F...=....~d
    0090 - b1 96 84 c7 4b d8 5c 83-22 a6 96 b0 8d 0e 51 5b   ....K.\.".....Q[
    00a0 - aa 1e d8 82 e6 36 1b b7-1f 46 18 3c 89 28 4d a8   .....6...F.<.(M.
    00b0 - ca 3f 37 83 16 e6 85 2a-ea 98 80 b7 da 20 3f f3   .?7....*..... ?.
    00c0 - fc 74 9a 88 3b a8 07 07-f4 bb 19 af 19 82 5a bd   .t..;.........Z.

    Start Time: 1595760329
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 14336
---
read R BLOCK
closed
```
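The fields that matter in the output above are the leaf subject, the chain length, the negotiated protocol and cipher, and the `Verify return code`. The following script is an added example, not part of the original post: it reduces saved `s_client` output to those fields and fails when verification did not return 0. The function names are hypothetical, and both samples are constructed (the first from lines of the session above, the second with an expired-certificate result substituted).

```shell
#!/bin/sh
# Added example: summarize `openssl s_client` output read from stdin.
# sclient_summary / sclient_verified / sample_* are hypothetical names.

sclient_summary() {
    awk '
        /^depth=0 /     { sub(/^.*CN = /, ""); leaf = $0 }
        /^ *[0-9]+ s:/  { certs++ }
        /^New, /        { proto = $2; sub(/,$/, "", proto); cipher = $NF }
        /^ *Verify return code: / && code == "" { code = $4 }
        END {
            if (code == "") code = "missing"
            printf "leaf_cn=%s chain_certs=%d protocol=%s cipher=%s verify_code=%s\n", leaf, certs, proto, cipher, code
        }'
}

# Succeeds only when chain verification returned code 0 (ok).
sclient_verified() {
    summary=$(sclient_summary)
    case "$summary" in
        *" verify_code=0") return 0 ;;
        *) echo "verification failed: $summary" >&2; return 1 ;;
    esac
}

# Constructed sample: selected lines copied from the session shown above.
sample_ok() {
    cat <<'EOF'
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
 1 s:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
EOF
}

# Constructed sample: same session with an expired-certificate verify result.
sample_bad() {
    sample_ok | sed 's/^Verify return code: 0 (ok)$/Verify return code: 10 (certificate has expired)/'
}

sample_ok | sclient_summary
```

For a live check, pipe `openssl s_client -connect helloacm.com:443 -servername helloacm.com </dev/null 2>/dev/null` into `sclient_verified`. `s_client` completes the handshake even when verification fails unless `-verify_return_error` is given, so the return code has to be checked explicitly.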
--EOF (The Ultimate Computing & Technology Blog) --