Ssl-Certificate

How does Windows read an encrypted website certificate file?

  • October 14, 2013

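I have a .crt file signed by a CA. When I `cat` the file, I see that it is ASCII text. However, when I double-click the .crt file in Windows, it opens it and somehow displays all the information inside. Does Windows automatically try all known CA public keys until it finds one that can turn the .crt file into information? How can I manually decrypt the certificate to view the information (preferably with Linux commands, since I know those better)?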

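Per the SSL standards, the ASCII characters you see are the ASCII-encoded certificate. You can decode (not decrypt) the certificate with many tools; here is an example: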

[me@anni tmp]$ cat /tmp/cert
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIDB9RMMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
[many lines deleted to save space]
n0lvNATb6/RC7CmSMw5RelfVqm19YorWPeQ8c/a6uHSgYhLboPeNTA==
-----END CERTIFICATE-----
[me@anni tmp]$ openssl x509 -text -noout -in /tmp/cert
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 513100 (0x7d44c)
   Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
       Validity
           Not Before: Aug 16 06:07:05 2012 GMT
           Not After : Oct 16 09:42:56 2016 GMT
       Subject: serialNumber=5VXPb8ozky-0FKC/YsTB4dvcoUwVakXy, OU=GT42621204, OU=See www.rapidssl.com/resources/cps (c)12, OU=Domain Control Validated - RapidSSL(R), CN=www.teaparty.net
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (2048 bit)
               Modulus:
                   00:aa:e2:fd:b3:a2:5c:fa:33:0b:fa:14:8a:3a:3d:
[...]
                   f8:01
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Authority Key Identifier: 
               keyid:6B:69:3D:6A:18:42:4A:DD:8F:02:65:39:FD:35:24:86:78:91:16:30

           X509v3 Key Usage: critical
               Digital Signature, Key Encipherment
           X509v3 Extended Key Usage: 
               TLS Web Server Authentication, TLS Web Client Authentication
           X509v3 Subject Alternative Name: 
               DNS:www.teaparty.net, DNS:teaparty.net
           X509v3 CRL Distribution Points: 

               Full Name:
                 URI:http://rapidssl-crl.geotrust.com/crls/rapidssl.crl

           X509v3 Subject Key Identifier: 
               1A:6D:59:8A:CD:C0:FD:AC:3C:D0:AF:C0:99:48:F5:5C:B9:AD:A9:E3
           X509v3 Basic Constraints: critical
               CA:FALSE
           Authority Information Access: 
               OCSP - URI:http://rapidssl-ocsp.geotrust.com
               CA Issuers - URI:http://rapidssl-aia.geotrust.com/rapidssl.crt

           X509v3 Certificate Policies: 
               Policy: 2.16.840.1.113733.1.7.54
                 CPS: http://www.geotrust.com/resources/cps

   Signature Algorithm: sha1WithRSAEncryption
        28:30:d9:19:a8:5e:8e:56:f6:98:1c:e0:be:b3:39:6e:6f:4c:
[...]
        a0:f7:8d:4c
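To make the "decode, not decrypt" point concrete, the following added example (not part of the original answer) base64-decodes only the first certificate line printed above and walks the resulting DER bytes, recovering the same version, serial number, signature algorithm and issuer country that `openssl x509 -text` reports, with no key involved. The function names are this example's own, and it is a minimal DER walker that tolerates the truncated input, not a full X.509 parser.

```python
import base64

# First base64 line of the certificate shown above (decodes to 48 DER bytes).
FIRST_LINE = "MIIFNDCCBBygAwIBAgIDB9RMMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT"

def read_tlv(buf, pos):
    """Read one DER tag/length header; return (tag, length, value_start)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, length, pos

def walk(buf, pos=0, end=None, depth=0):
    """Yield (depth, tag, value) for each element, descending into constructed ones.
    Declared lengths are clamped to the bytes present, so truncated input is fine."""
    end = len(buf) if end is None else min(end, len(buf))
    while pos + 2 <= end:
        tag, length, start = read_tlv(buf, pos)
        stop = min(start + length, end)
        if tag & 0x20:                    # constructed: SEQUENCE, SET, [0] ...
            yield depth, tag, None
            yield from walk(buf, start, stop, depth + 1)
        else:
            yield depth, tag, buf[start:stop]
        pos = stop

def decode_oid(raw):
    """Decode the body of a DER OBJECT IDENTIFIER to dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def summarize(b64_text):
    """Return version, serial, signature-algorithm OID and first issuer string."""
    der = base64.b64decode(b64_text)      # plain base64: an encoding, not encryption
    prims = [(tag, val) for _, tag, val in walk(der) if val is not None]
    ints = [int.from_bytes(v, "big") for t, v in prims if t == 0x02]   # INTEGER
    oids = [decode_oid(v) for t, v in prims if t == 0x06]              # OID
    text = [v.decode("ascii") for t, v in prims if t == 0x13]          # PrintableString
    return {"version": ints[0] + 1, "serial": ints[1], "sig_alg_oid": oids[0], "issuer_country": text[0]}

if __name__ == "__main__":
    print(summarize(FIRST_LINE))
```

The OID 1.2.840.113549.1.1.5 is sha1WithRSAEncryption, matching the `Signature Algorithm` line in the output above.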

Source: https://serverfault.com/questions/539265