How does this work: I found one SSL certificate with two different chains and two different root CAs.

Time: 2012-05-21 09:41:46

Tags: ssl openssl ssl-certificate x509certificate x509

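I bought an SSL certificate from GeoTrust.

While checking the certificate chain on different devices, I found two different chains. Both chains are valid!

One chain ends at the root CA C=US, O=Equifax, OU=Equifax Secure Certificate Authority, the other at the root CA C=US, O=GeoTrust Inc., CN=GeoTrust Global CA.

The difference between these chains is that in the first chain "GeoTrust Global CA" is signed by "Equifax Secure Certificate Authority", while in the second chain "GeoTrust Global CA" is self-signed. But in both chains the fingerprint of "GeoTrust Global CA" is "C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E"; only the serial number differs.

How is this possible? I thought SSL certificates, their fingerprints and chains were unique!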


Chain 1)

1a) C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA, signed by C=US, O=GeoTrust Inc., CN=GeoTrust Global CA

Data:
    Version: 3 (0x2)
    Serial Number: 145106 (0x236d2)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
    Validity
        Not Before: Feb 26 21:32:31 2010 GMT
        Not After : Feb 25 21:32:31 2020 GMT
    Subject: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA
    X509v3 extensions:
        X509v3 Key Usage: critical
            Certificate Sign, CRL Sign
        X509v3 Subject Key Identifier:
            8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC
        X509v3 Authority Key Identifier:
            keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E

1b) C=US, O=GeoTrust Inc., CN=GeoTrust Global CA, signed by C=US, O=Equifax, OU=Equifax Secure Certificate Authority

Data:
    Version: 3 (0x2)
    Serial Number: 1227750 (0x12bbe6)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
    Validity
        Not Before: May 21 04:00:00 2002 GMT
        Not After : Aug 21 04:00:00 2018 GMT
    Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
    X509v3 extensions:
        X509v3 Authority Key Identifier:
            keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4

        X509v3 Subject Key Identifier:
            C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
        X509v3 Basic Constraints: critical
            CA:TRUE

1c) Root-CA C=US, O=Equifax, OU=Equifax Secure Certificate Authority

Data:
    Version: 3 (0x2)
    Serial Number: 903804111 (0x35def4cf)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
    Validity
        Not Before: Aug 22 16:41:51 1998 GMT
        Not After : Aug 22 16:41:51 2018 GMT
    Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
    X509v3 extensions:
        X509v3 Private Key Usage Period:
            Not After: Aug 22 16:41:51 2018 GMT
        X509v3 Key Usage:
            Certificate Sign, CRL Sign
        X509v3 Authority Key Identifier:
            keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4

        X509v3 Subject Key Identifier:
            48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4

Chain 2)

2a) C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA, signed by C=US, O=GeoTrust Inc., CN=GeoTrust Global CA

Data:
    Version: 3 (0x2)
    Serial Number: 145106 (0x236d2)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
    Validity
        Not Before: Feb 26 21:32:31 2010 GMT
        Not After : Feb 25 21:32:31 2020 GMT
    Subject: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA
    X509v3 extensions:
        X509v3 Key Usage: critical
            Certificate Sign, CRL Sign
        X509v3 Subject Key Identifier:
            8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC
        X509v3 Authority Key Identifier:
            keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E

2b) Root-CA C=US, O=GeoTrust Inc., CN=GeoTrust Global CA

Data:
    Version: 3 (0x2)
    Serial Number: 144470 (0x23456)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
    Validity
        Not Before: May 21 04:00:00 2002 GMT
        Not After : May 21 04:00:00 2022 GMT
    Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
    X509v3 extensions:
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Subject Key Identifier:
            C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
        X509v3 Authority Key Identifier:
            keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E

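1 answer:

Answer 0 (score: 4)

1b is a "cross-certificate": a GeoTrust root certificate issued by Equifax. 2b is the same key, but as a self-signed root.

Cross-certificates are typically used to make a root certificate trusted before it has been accepted into the Mozilla/Microsoft/etc. root programs. Once those programs have accepted the root, it can be used as a normal self-signed certificate.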
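
The following is an added example, not part of the original question or answer. It uses the subject, issuer, serial and key identifier fields from the dumps above to show why different devices build different chains depending on which root they trust. It matches names and key identifiers only and verifies no signatures; the labels and function names are hypothetical.

```python
from collections import namedtuple

# Fields copied from the openssl dumps on this page; names stand in for full DNs.
Cert = namedtuple("Cert", "label subject issuer serial ski aki")
GT = "C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E"
EFX = "48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4"
DV = "8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC"
EFX_CA = "Equifax Secure Certificate Authority"
POOL = [
    Cert("1a/2a", "GeoTrust DV SSL CA", "GeoTrust Global CA", 145106, DV, GT),
    Cert("1b", "GeoTrust Global CA", EFX_CA, 1227750, GT, EFX),
    Cert("1c", EFX_CA, EFX_CA, 903804111, EFX, EFX),
    Cert("2b", "GeoTrust Global CA", "GeoTrust Global CA", 144470, GT, GT),
]

def is_self_signed(cert):
    return cert.subject == cert.issuer and cert.ski == cert.aki

def candidate_issuers(cert, pool):
    """Certificates whose subject and key id match cert's issuer and AKI."""
    return [p for p in pool
            if p is not cert and p.subject == cert.issuer and p.ski == cert.aki]

def build_paths(start, pool, trusted_roots):
    """Every path from start to a self-signed root listed in trusted_roots."""
    paths = []
    def walk(cert, path):
        if is_self_signed(cert):
            if cert.label in trusted_roots:
                paths.append([c.label for c in path])
            return
        for parent in candidate_issuers(cert, pool):
            if parent not in path:
                walk(parent, path + [parent])
    walk(start, [start])
    return paths

def cross_certified(pool):
    """Subject/key pairs that appear in more than one certificate."""
    groups = {}
    for c in pool:
        groups.setdefault((c.subject, c.ski), []).append(c.label)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for store in ({"1c"}, {"2b"}, {"1c", "2b"}):
        print(sorted(store), "->", build_paths(POOL[0], POOL, store))
    print(cross_certified(POOL))
```

A device that trusts only the Equifax root builds chain 1, one that trusts only the GeoTrust root builds chain 2, and one that trusts both can build either.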