Ssl
使用 CLI 工具顯示遠端 SSL 證書詳細資訊
在 Chrome 中,點擊綠色 HTTPS 鎖定圖示會打開一個包含證書詳細資訊的視窗:
當我對 cURL 進行同樣的嘗試時,我只得到了一些資訊:
$ curl -vvI https://gnupg.org * Rebuilt URL to: https://gnupg.org/ * Hostname was NOT found in DNS cache * Trying 217.69.76.60... * Connected to gnupg.org (217.69.76.60) port 443 (#0) * TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA * Server certificate: gnupg.org * Server certificate: Gandi Standard SSL CA * Server certificate: UTN-USERFirst-Hardware > HEAD / HTTP/1.1 > User-Agent: curl/7.37.1 > Host: gnupg.org > Accept: */*知道如何從命令行工具(cURL 或其他)獲取完整的證書資訊嗎?
您應該能夠將 OpenSSL 用於您的目的:
echo | openssl s_client -showcerts -servername gnupg.org -connect gnupg.org:443 2>/dev/null | openssl x509 -inform pem -noout -text該命令連接到所需的網站並將 PEM 格式的證書傳送到另一個讀取和解析詳細資訊的 openssl 命令。
(請注意,“冗餘”
-servername參數對於openssl使用 SNI 支持發出請求是必需的。)
基本證書資訊
這是我的日常腳本:
curl --insecure -vvI https://www.example.com 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'輸出:
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=Los Angeles; O=Verizon Digital Media Services, Inc.; CN=www.example.org * start date: Dec 10 00:00:00 2021 GMT * expire date: Dec 9 23:59:59 2022 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x5588e1f5ae30) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS == 100)! * Connection #0 to host www.example.com left intact完整的證書資訊
openssl s_client -connect www.example.com:443 </dev/null 2>/dev/null | openssl x509 -inform pem -text