An example run looks like this.

$ openssl s_client -connect xx.xx.xxx.xxx:443 -showcerts

CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server 1024-bit CA - G2
verify return:1
depth=0 /C=JP/ST=Tokyo/L=Taishido, Setagaya-ku/O=Index Corporation/OU=Technical Support Dept./CN=ssl-ssss.indexweb.co.jp
verify return:1
---
Certificate chain
 0 s:/C=JP/ST=Tokyo/L=Taishido, Setagaya-ku/O=Index Corporation/OU=Technical Support Dept./CN=ssl-ssss.indexweb.co.jp
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server 1024-bit CA - G2
-----BEGIN CERTIFICATE----- ★ Certificate of the server being connected to
MIIeWZccbcYGaWibaGiqywYoY9B7krqf1Jf92VXf4danbGKQHKIg9W0baqUFADCB
:
+zcHSBcs/TAf0SUFoYTaaYS/pzeJUhO=
-----END CERTIFICATE-----
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server 1024-bit CA - G2
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
-----BEGIN CERTIFICATE----- ★ VeriSign intermediate certificate
MIIfRdccbrwGaWibaGiqzwzyZf3KeK/Wf+X7KrvLGdanbGKQHKIg9W0baqufadCB
:
54aOnkweIl2+DoyLE39vHw==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=JP/ST=Tokyo/L=Taishido, Setagaya-ku/O=Index Corporation/OU=Technical Support Dept./CN=ssl-ssss.indexweb.co.jp
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server 1024-bit CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2844 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Session-ID-ctx:
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg : None
    Krb5 Principal: None
    Start Time: 1298440296
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---

Use -showcerts when you also want to retrieve the intermediate certificates, such as VeriSign's. This is probably not limited to VeriSign, but CAs do occasionally change the structure of their certificates and their cryptographic logic.

The openssl command is also used to check the contents of the retrieved certificate.
If you only want the common name, piping the output through grep is the easy way.

$ openssl asn1parse -i -in test.crt | grep -A1 commonName
185:d=5 hl=2 l= 3 prim: OBJECT :commonName
190:d=5 hl=2 l= 47 prim: PRINTABLESTRING :VeriSign Class 3 Secure Server 1024-bit CA - G2
--
401:d=5 hl=2 l= 3 prim: OBJECT :commonName
406:d=5 hl=2 l= 23 prim: T61STRING :ssl-ssss.indexweb.co.jp
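To get from the -showcerts output to per-certificate files that asn1parse can read, the PEM blocks have to be split out. The following is an added example, not code from the original post: the function names, the cert-N.pem file naming and the sample data (example.test names, placeholder certificate bodies) are all assumptions made for illustration.

```shell
# Usage (assumed): openssl s_client -connect xx.xx.xxx.xxx:443 -showcerts </dev/null | split_showcerts certs
# Constructed sample of -showcerts output; the certificate bodies are placeholders, not real certificates.
sample_showcerts() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=JP/O=Example Corp/CN=www.example.test
   i:/C=US/O=Example CA/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODY0000
-----END CERTIFICATE-----
 1 s:/C=US/O=Example CA/CN=Example Intermediate CA
   i:/C=US/O=Example CA/CN=Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODY0001
-----END CERTIFICATE-----
---
Server certificate
subject=/C=JP/O=Example Corp/CN=www.example.test
EOF
}

# split_showcerts OUTDIR: reads s_client -showcerts output on stdin, writes each
# PEM block to OUTDIR/cert-N.pem (N = chain index) and prints one
# tab-separated line per certificate: index, subject, issuer.
split_showcerts() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /^Server certificate/ { exit }   # chain section is over
        /^ *[0-9]+ s:/ { idx = $1; sub(/^ *[0-9]+ s:/, ""); subj = $0; seen = 1; next }
        /^ *i:/ && seen { sub(/^ *i:/, ""); print idx "\t" subj "\t" $0; seen = 0; next }
        /^-----BEGIN CERTIFICATE-----/ { file = dir "/cert-" idx ".pem"; inpem = 1 }
        inpem { print > file }
        /^-----END CERTIFICATE-----/ { inpem = 0; close(file) }
    '
}

# chain_gaps: reads the lines printed by split_showcerts and prints the index of
# every certificate whose issuer is not the subject of the next certificate
# sent, i.e. a missing or misordered intermediate.
chain_gaps() {
    awk -F'\t' '
        NR > 1 && prev_iss != $2 { print prev_idx }
        { prev_idx = $1; prev_iss = $3 }
    '
}
```

Each resulting cert-N.pem can then be passed to `openssl asn1parse -i -in` as in the command above; empty output from chain_gaps means every certificate sent is followed by its issuer.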