最新消息:
    你的位置:IPCPU-网络之路 > IT技术 > 使用openssl命令查看服务器ssl证书和有效期

    使用openssl命令查看服务器ssl证书和有效期

    IT技术 ipcpu 655浏览 0评论

    使用openssl命令查看服务器ssl证书

    命令如下

    # openssl s_client -connect sqimg.qq.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Secure Site CN CA G3
verify return:1
depth=0 C = CN, ST = Guangdong Province, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, CN = weixin.qq.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Guangdong Province/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/CN=weixin.qq.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

    如果使用了SNI,则需要指定下servername

    # openssl s_client -connect sqimg.qq.com:443 -servername sqimg.qq.com
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Secure Site CN CA G3
verify return:1
depth=0 C = CN, ST = Guangdong Province, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, CN = office.qq.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Guangdong Province/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/CN=office.qq.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Secure Site CN CA G3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---

    openssl命令查看服务器ssl证书的有效期

    # 查看远程证书有效期
echo | openssl s_client -connect www.ipcpu.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Dec 11 12:02:58 2013 GMT
notAfter=Apr 10 00:00:00 2014 GMT

# 查看本地证书文件有效期
# openssl x509 -noout -dates -in /tmp/xxx.pem
notBefore=May 17 01:14:08 2022 GMT
notAfter=Aug 15 01:14:07 2022 GMT

#查看远程证书详细信息
 echo | openssl s_client -connect www.ipcpu.com:443 2>/dev/null | openssl x509 -text -noout
# 查看本地证书文件详细信息
openssl x509 -in /tmp/xxx.pem -text -noout

    转载请注明:IPCPU-网络之路 » 使用openssl命令查看服务器ssl证书和有效期

    继续浏览有关 的文章

    与本文相关的文章

    发表我的评论
    取消评论
    表情

    Hi,您需要填写昵称和邮箱!

    • 昵称 (必填)
    • 邮箱 (必填)
    • 网址