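I have to retrieve and download the certificate chain from a remote server in my local environment. I could use the browser's built-in service to do this, but as far as I know, that approach doesn't work for certificate chains (or has some bottlenecks). That's why I tried using openssl with the following command: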
openssl s_client -showcerts -connect host.host:9999
which prints out the appropriate certificate information, such as:
CONNECTED(0000015C)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
-----BEGIN CERTIFICATE-----
MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT
-----END CERTIFICATE-----
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIICsDCCAhmgAwIBAgIDC2dxMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 8040 bytes and written 310 bytes
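How do I get this in .crt or .cer format? Can I just copy/paste it into a text file with the appropriate extension? If so, where does the chain start and end?
Answer 0 (score: 0)
I don't know what exactly you mean by '.crt' or '.cer' format. If you copy that output between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and save it in a text file, you will get a certificate chain file in PEM format (openssl's default). Your file should look like this (2 certificates in the chain):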
-----BEGIN CERTIFICATE-----
MIIF/DCCBWWgAwIBAgIKUCYyawAAAAB1rzANBgkqhkiG9w0BAQUFADBGMQswCQYD
<the rest of the certificate 1>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICsDCCAhmgAwIBAgIDC2dxMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
<the rest of the certificate 2>
-----END CERTIFICATE-----
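
The copy/paste step described in the answer can be scripted; the following is an added example, not part of the original question or answer. The function names `extract_pem`, `count_certs` and `sample_output`, the output file name `chain.pem`, and the sample s_client output (with placeholder base64 rather than real certificates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only the PEM blocks from `openssl s_client -showcerts` output.

# extract_pem: read s_client output on stdin and write every certificate block,
# marker lines included, to stdout in the order the server sent them
# (block 0 is the server certificate, later blocks are its issuers).
extract_pem() {
    awk '
        { sub(/\r$/, "") }                            # tolerate CRLF output captured on Windows
        /-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside { print }
        /-----END CERTIFICATE-----/ { inside = 0 }
    '
}

# count_certs: number of certificate blocks in the PEM text on stdin.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }'
}

# sample_output: constructed stand-in for s_client output; the base64 is a placeholder.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=leaf.example
   i:/CN=Intermediate Example CA
-----BEGIN CERTIFICATE-----
QUJDREVGR0g=
-----END CERTIFICATE-----
 1 s:/CN=Intermediate Example CA
   i:/CN=Root Example CA
-----BEGIN CERTIFICATE-----
SUpLTE1OT1A=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=leaf.example
EOF
}

# Live use against the host from the question (needs network, so left commented out):
#   openssl s_client -showcerts -connect host.host:9999 </dev/null | extract_pem > chain.pem
sample_output | extract_pem
```

The resulting file is already PEM text, so each block can be inspected with `openssl x509 -noout -subject -issuer` once real certificates are in it.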