Cloudflare
我的服務託管在 Google App Engine 上,位於 Cloudflare CDN 之後。如何檢查我的伺服器的 ssl 證書詳細資訊?
我不能在 GAE 中使用 CF origin ssl 證書,因為 GAE 不接受它。
我必須從其他 CA 購買 ssl 證書並將其應用於我的服務。舊的 ssl 證書將在一周後到期。如何驗證我是否已成功應用新的 ssl?在瀏覽器中,我只能看到 Cloudflare 頒發的 SSL 證書,因為我的服務是通過 Cloudflare CDN 提供的。
可以通過以下命令檢查 SSL 證書:
curl -vIs4 https://<hostname>/ --resolve <hostname>:443:<origin_ip>
假設域是
mycompany.com
. 由於它託管在 GAE 上,因此 origin_ip 將是ghs.googlehosted.com
最後的命令是:
curl -vIs4 https://mycompany.com/ --resolve mycompany.com:443:172.217.25.179
部分輸出:
* TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server accepted to use h2 * Server certificate: * subject: OU=Domain Control Validated; OU=Gandi Standard Wildcard SSL; CN=*.mycompany.com * start date: Apr 11 00:00:00 2019 GMT * expire date: Apr 11 23:59:59 2020 GMT * subjectAltName: host "www.mycompany.com" matched cert's "*.mycompany.com" * issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2 * SSL certificate verify ok.