最新消息:

使用openssl命令查看服务器ssl证书和有效期

IT技术 ipcpu 22浏览 0评论

使用openssl命令查看服务器ssl证书

命令如下

# openssl s_client -connect sqimg.qq.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Secure Site CN CA G3
verify return:1
depth=0 C = CN, ST = Guangdong Province, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, CN = weixin.qq.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Guangdong Province/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/CN=weixin.qq.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

如果使用了SNI,则需要指定下servername

# openssl s_client -connect sqimg.qq.com:443 -servername sqimg.qq.com
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Secure Site CN CA G3
verify return:1
depth=0 C = CN, ST = Guangdong Province, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, CN = office.qq.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Guangdong Province/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/CN=office.qq.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---

openssl命令查看服务器ssl证书的有效期

# 查看远程证书有效期
echo | openssl s_client -connect www.ipcpu.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Dec 11 12:02:58 2013 GMT
notAfter=Apr 10 00:00:00 2014 GMT

# 查看本地证书文件有效期
# openssl x509 -noout -dates -in /tmp/xxx.pem
notBefore=May 17 01:14:08 2022 GMT
notAfter=Aug 15 01:14:07 2022 GMT

#查看远程证书详细信息
 echo | openssl s_client -connect www.ipcpu.com:443 2>/dev/null | openssl x509 -text -noout
# 查看本地证书文件详细信息
openssl x509 -in /tmp/xxx.pem -text -noout

转载请注明:IPCPU-网络之路 » 使用openssl命令查看服务器ssl证书和有效期

发表我的评论
取消评论
表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址