Cloudflare

我的服務託管在 Google App Engine 上,位於 Cloudflare CDN 之後。如何檢查我的伺服器的 ssl 證書詳細資訊?

  • April 22, 2019

我不能在 GAE 中使用 CF origin ssl 證書,因為 GAE 不接受它。

我必須從其他 CA 購買 ssl 證書並將其應用於我的服務。舊的 ssl 證書將在一周後到期。如何驗證我是否已成功應用新的 ssl?在瀏覽器中,我只能看到 Cloudflare 頒發的 SSL 證書,因為我的服務是通過 Cloudflare CDN 提供的。

可以通過以下命令檢查 SSL 證書:

curl -vIs4 https://<hostname>/ --resolve <hostname>:443:<origin_ip>

假設域是mycompany.com. 由於它託管在 GAE 上,因此 origin_ip 將是ghs.googlehosted.com

最後的命令是:

curl -vIs4 https://mycompany.com/ --resolve mycompany.com:443:172.217.25.179

部分輸出:

* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; OU=Gandi Standard Wildcard SSL; CN=*.mycompany.com
*  start date: Apr 11 00:00:00 2019 GMT
*  expire date: Apr 11 23:59:59 2020 GMT
*  subjectAltName: host "www.mycompany.com" matched cert's "*.mycompany.com"
*  issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*  SSL certificate verify ok.

引用自:https://serverfault.com/questions/963617