为什么Java的SSL返回的Google证书上的序列号与Firefox和Chrome返回的序列号不同？

Question

我在Java中使用以下代码打印出Google证书的各种属性。

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.SocketFactory;

import java.io.*;
import java.math.*;
import java.net.*;
import java.security.*;

import javax.net.*;
import javax.security.cert.X509Certificate;

/*
 * Start an connection with google.com and submit to Google to figure out how to get the certificate.
 * Should not pull from artificial context.
 */
public class MWE{
    public static void main(String[] args) throws Exception{
        SSLContext sslContext = SSLContext.getDefault();
        SocketFactory clientSocketFactory = sslContext.getSocketFactory();

        String remoteHost = "google.com";
        int remotePort = 443;
        SSLSocket socket = null;
        try {
            //Lookup the "common name" field of the certificate from the remote server:
            socket = (SSLSocket) clientSocketFactory.createSocket(remoteHost, remotePort);
            socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
            socket.startHandshake();
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }
        X509Certificate[] c = socket.getSession().getPeerCertificateChain();
        X509Certificate serverCertificate = c[0]; //can I control which instance of this is used?
        Principal serverDN = serverCertificate.getSubjectDN();
        BigInteger serverSerialNumber = serverCertificate.getSerialNumber();

        System.out.println(serverCertificate.getClass());
        System.out.println(serverDN);
        System.out.println(serverSerialNumber.toString(16));
        System.out.println(serverCertificate.getSigAlgName());

        System.out.println(serverCertificate.getNotBefore());
        System.out.println(serverCertificate.getNotAfter());
    }
}

我得到的输出如下：

CN=*.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
1484d9a3000000007d35
SHA1withRSA
Wed Feb 20 05:34:43 PST 2013
Fri Jun 07 12:43:27 PDT 2013

但是，当我从Firefox或Chrome查看证书时，除序列号外，所有内容都匹配。

Answer 1

您的Firefox证书信息显示www.google.com的证书，而您的Java代码显示google.com的证书。

这两个网站有不同的证书，因此有不同的连续出版物。