openssl代替telnet

openssl验证证书

操作系统根证书位置:/etc/pki/tls/certs/ca-bundle.crt

openssl命令:
openssl s_client -connect hkzww.com:443 -servername hkzww.com
openssl s_client -verify_hostname hkzww.com -connect hkzww.com:443 -servername hkzww.com
openssl s_client -verify 2 -connect hkzww.com:443
openssl crl2pkcs7 -nocrl -certfile hkzww.com.crt | openssl pkcs7 -print_certs -noout

查看证书链:
openssl crl2pkcs7 -nocrl -certfile chain.pem | openssl pkcs7 -print_certs -noout
subject=/CN=vipads.com.cn
issuer=/C=US/O=Let's Encrypt/CN=R3

subject=/C=US/O=Let's Encrypt/CN=R3
issuer=/C=US/O=Internet Security Research Group/CN=ISRG Root X1

subject=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
issuer=/O=Digital Signature Trust Co./CN=DST Root CA X3

单独验证一个证书是有意料之中的错误的:
openssl verify cert.pem
CN = vipads.com.cn
error 20 at 0 depth lookup: unable to get local issuer certificate
error cert.pem: verification failed

有中间证书和根证书的验证过程:
$ openssl verify -CAfile ca.pem \

             -untrusted intermediate.pem \
             cert.pem

cert.pem: OK

money slow
文章已创建 1586

相关文章

开始在上面输入您的搜索词,然后按回车进行搜索。按ESC取消。

返回顶部
京ICP备11047313号-20