{"id":1648,"date":"2020-07-31T03:52:25","date_gmt":"2020-07-31T03:52:25","guid":{"rendered":"https:\/\/www.ipcpu.com\/?p=1648"},"modified":"2022-07-31T03:53:01","modified_gmt":"2022-07-31T03:53:01","slug":"openssl-chain","status":"publish","type":"post","link":"https:\/\/c.ipcpu.com\/2020\/07\/openssl-chain\/","title":{"rendered":"\u4f7f\u7528openssl\u547d\u4ee4\u6821\u9a8c\u8bc1\u4e66\u94fe"},"content":{"rendered":"

1\u3001\u83b7\u53d6\u7f51\u7ad9\u8bc1\u4e66\u4fe1\u606f<\/h2>\n
\n
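#\u83b7\u53d6\u6dd8\u5b9d\u8bc1\u4e66\u4fe1\u606f\n#\u6ce8\uff1aOpenSSL 1.1.1 \u4e4b\u524d\u7684\u7248\u672c\u9ed8\u8ba4\u4e0d\u53d1\u9001 SNI\uff0c\u53ef\u52a0 -servername www.taobao.com\uff0c\u5426\u5219\u670d\u52a1\u5668\u53ef\u80fd\u8fd4\u56de\u9ed8\u8ba4\u8bc1\u4e66\nopenssl s_client -showcerts -connect www.taobao.com:443<\/code><\/pre>\n<\/div>\n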

\u4f8b\u5982\uff1a<\/p>\n

\n
[root@Ali wss]# openssl s_client -showcerts -connect www.taobao.com:443\nCONNECTED(00000003)\ndepth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA\nverify return:1\ndepth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2\nverify return:1\ndepth=0 C = CN, ST = ZheJiang, L = HangZhou, O = \"Alibaba (China) Technology Co., Ltd.\", CN = *.tmall.com\nverify return:1\n---\nCertificate chain\n0 s:\/C=CN\/ST=ZheJiang\/L=HangZhou\/O=Alibaba (China) Technology Co., Ltd.\/CN=*.tmall.com\n   i:\/C=BE\/O=GlobalSign nv-sa\/CN=GlobalSign Organization Validation CA - SHA256 - G2\n-----BEGIN CERTIFICATE-----\n#@\u8fd9\u662f\u7b2c1\u5f20\u8bc1\u4e66\uff0c*.tmall.com\u7684\u8bc1\u4e66\n#@\u7b7e\u53d1\u8005\u662fGlobalSign Organization Validation CA - SHA256 - G2\n-----END CERTIFICATE-----\n1 s:\/C=BE\/O=GlobalSign nv-sa\/CN=GlobalSign Organization Validation CA - SHA256 - G2\n   i:\/C=BE\/O=GlobalSign nv-sa\/OU=Root CA\/CN=GlobalSign Root CA\n-----BEGIN CERTIFICATE-----\n#@\u8fd9\u662f\u7b2c2\u5f20\u8bc1\u4e66\uff0c\u662fGlobalSign Organization Validation CA - SHA256 - G2\n#@\u7b7e\u53d1\u8005\u662fGlobalSign Root CA\n-----END CERTIFICATE-----\n---\nServer certificate\nsubject=\/C=CN\/ST=ZheJiang\/L=HangZhou\/O=Alibaba (China) Technology Co., Ltd.\/CN=*.tmall.com\nissuer=\/C=BE\/O=GlobalSign nv-sa\/CN=GlobalSign Organization Validation CA - SHA256 - G2\n---\nNo client certificate CA names sent\nServer Temp Key: ECDH, prime256v1, 256 bits\n---\nSSL handshake has read 4041 bytes and written 373 bytes<\/code><\/pre>\n<\/div>\n

2\u3001\u9a8c\u8bc1\u8bc1\u4e66\u94fe<\/h2>\n

\u6211\u4eec\u4ee5\u5929\u732b\u8bc1\u4e66\u7684\u4e09\u7ea7\u7ed3\u6784\u4e3a\u4f8b\uff1a<\/p>\n

\n
+GlobalSign Root CA\uff0c\u8fd9\u662f\u4e00\u5f20\u81ea\u7b7e\u8bc1\u4e66\uff0c\u5185\u7f6e\u5728\u6d4f\u89c8\u5668\u4e0a\n++GlobalSign Organization Validation CA - SHA256 - G2\uff0c\u4e2d\u95f4\u8bc1\u4e66\n+++*.tmall.com\uff0c\u5929\u732b\u7684\u6cdb\u57df\u540d\u8bc1\u4e66<\/code><\/pre>\n<\/div>\n

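\u5206\u522b\u4fdd\u5b58\u4e3aGlobalSign.CA.cer\uff0cMiddle.cer \u548c TMall.cer\uff08\u670d\u52a1\u5668\u53ea\u53d1\u9001\u4e86\u540e\u4e24\u5f20\u8bc1\u4e66\uff0c\u6839\u8bc1\u4e66\u5e94\u4ece\u7cfb\u7edf\u4fe1\u4efb\u5e93\u7b49\u53ef\u4fe1\u6765\u6e90\u83b7\u53d6\uff09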
\n\u53ef\u4ee5\u7528\u5982\u4e0b\u65b9\u6cd5\u9a8c\u8bc1\u8bc1\u4e66\u94fe\uff1a<\/p>\n

\n
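[root@Ali wss]# openssl verify GlobalSign.CA.cer \nGlobalSign.CA.cer: OK\n#@\u76f4\u63a5\u6821\u9a8cCA\uff0c\u53d1\u73b0\u6ca1\u95ee\u9898\uff08\u672a\u6307\u5b9a -CAfile \u65f6\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u4fe1\u4efb\u5e93\uff0c\u8bf4\u660e\u8be5\u6839\u8bc1\u4e66\u5df2\u5728\u5176\u4e2d\uff09\n[root@Ali wss]# openssl verify -CAfile GlobalSign.CA.cer Middle.cer \nMiddle.cer: OK\n#@\u4f7f\u7528CA\u6821\u9a8c\u4e2d\u95f4\u8bc1\u4e66\uff0c\u4e5f\u6ca1\u95ee\u9898\n[root@Ali wss]# openssl verify -CAfile Middle.cer TMall.cer \nTMall.cer: C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2\nerror 2 at 1 depth lookup:unable to get issuer certificate\n#@\u4f7f\u7528\u4e2d\u95f4\u8bc1\u4e66\u6821\u9a8cTMALL\u8bc1\u4e66\uff0c\u5931\u8d25\uff08\u7f3a\u5c11\u6839\u8bc1\u4e66\uff0c\u94fe\u4e0d\u5b8c\u6574\uff09\n[root@Ali wss]# openssl verify -CAfile GlobalSign.CA.cer TMall.cer \nTMall.cer: C = CN, ST = ZheJiang, L = HangZhou, O = \"Alibaba (China) Technology Co., Ltd.\", CN = *.tmall.com\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n#@\u4f7f\u7528CA\u6821\u9a8cTMALL\u8bc1\u4e66\uff0c\u5931\u8d25\uff08\u7f3a\u5c11\u4e2d\u95f4\u8bc1\u4e66\uff0c\u94fe\u4e0d\u5b8c\u6574\uff09\n[root@Ali wss]# cat GlobalSign.CA.cer Middle.cer > bundle.cer\n[root@Ali wss]# openssl verify -CAfile bundle.cer TMall.cer \nTMall.cer: OK\n#@\u5c06CA\u548c\u4e2d\u95f4\u8bc1\u4e66\u5408\u5e76\uff0c\u6821\u9a8cTMALL\u8bc1\u4e66\uff0c\u6210\u529f\n#@\u6ce8\u610f\uff1a-CAfile \u4e2d\u7684\u8bc1\u4e66\u90fd\u88ab\u5f53\u4f5c\u53d7\u4fe1\u4efb\u8bc1\u4e66\uff1b\u66f4\u597d\u7684\u505a\u6cd5\u662f\u53ea\u628a\u6839\u8bc1\u4e66\u653e\u5165 -CAfile\uff0c\u4e2d\u95f4\u8bc1\u4e66\u7528 -untrusted \u4f20\u5165\uff1a\n#@openssl verify -CAfile GlobalSign.CA.cer -untrusted Middle.cer TMall.cer<\/code><\/pre>\n<\/div>\n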

\u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aIPCPU-\u7f51\u7edc\u4e4b\u8def<\/a> » \u4f7f\u7528openssl\u547d\u4ee4\u6821\u9a8c\u8bc1\u4e66\u94fe<\/a><\/p>","protected":false},"excerpt":{"rendered":"

1\u3001\u83b7\u53d6\u7f51\u7ad9\u8bc1\u4e66\u4fe1\u606f #\u83b7\u53d6\u6dd8\u5b9d\u8bc1\u4e66\u4fe1\u606f openssl s_client -showcerts -connect www.taobao.com:443 \u4f8b\u5982\uff1a [root@Ali wss]# openssl s_client -showcerts -connect www.taobao.com:443 CONNECTED(00000003) depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA verify return:1 depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA – SHA256 – G2 verify return:1 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[28],"_links":{"self":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/1648"}],"collection":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/comments?post=1648"}],"version-history":[{"count":1,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/1648\/revisions"}],"predecessor-version":[{"id":1649,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/1648\/revisions\/1649"}],"wp:attachment":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/media?parent=1648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/categories?post=1648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/tags?post=1648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}