I want to use OpenSSL or any native Linux command to get the certificate of a SQL Server. I tried the same way I would with an HTTP server, but it doesn't work.
openssl s_client -showcerts -connect MY.MSSQL.SERVER:1433
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
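Answer 0 (score: 1)
A linked gist provides a Python script, "A terrible way to connect to MS SQL Server and dump the certificate as a PEM" (his wording), in Python. Yes, that's not what you asked for; you asked about OpenSSL. But one of the comments says in part:
Using openssl, I could obtain the same result like this: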
openssl s_client -showcerts -connect <hostname>:<port> </dev/null 2>/dev/null|openssl x509 -outform PEM >dbcertfile.pem
.
(No idea where "somewhere" would be.)
I tried the openssl approach, but it failed for me:
rpresser@11MTLDEV-L11626:~$ openssl s_client -showcerts -connect mysqlserver.mydomain.com:1433 </dev/null 2>/dev/null|openssl x509 -outform PEM >dbcertfile.pem
unable to load certificate
140246796931520:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
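Maybe this is because the self-signed certificate isn't trusted (see below)? I'm really not sure.
After fixing an indentation error, the Python approach worked for me: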
rpresser@11MTLDEV-L11626:/mnt/c/temp$ python3 get_tds_cert.py redacted.domain.COM 1433
# get_tdspacket: 0, tdspacket len: 43
# Header: {'type': 4, 'status': 1, 'length': 43, 'channel': 0, 'packet': 1, 'window': 0}
# Remaining tdspbuf length: 0
# Starting TLS handshake loop..
# Shaking (0/5)
# get_tdspacket: 0, tdspacket len: 894
# Header: {'type': 18, 'status': 1, 'length': 894, 'channel': 0, 'packet': 0, 'window': 0}
# Remaining tdspbuf length: 0
# Shaking (1/5)
# get_tdspacket: 0, tdspacket len: 67
# Header: {'type': 18, 'status': 1, 'length': 67, 'channel': 0, 'packet': 0, 'window': 0}
# Remaining tdspbuf length: 0
# Handshake completed, dumping certificates
-----BEGIN CERTIFICATE-----
MIIB+zCCAWSgAwIBAgIQYc0YElx/YYFF/Q0PIYETxDANBgkqhkiG9w0BAQUFADA7
MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
bABsAGIAYQBjAGswIBcNMjAwMjAyMDQ0NzA5WhgPMjA1MDAyMDIwNDQ3MDlaMDsx
OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
AGwAYgBhAGMAazCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAohSQbug4qZug
ji16iKuNpX4OzGc9DPAORaho8LB2AGinol+rEmcTGRofeIg9zeXMbiOwWbrCnT3/
RUDLOW6V4papZ7H/qIcmVIKdzNCezWMlfPd0h4S00kVovHDIbC1t2uhcDdfEIsh+
fbgzS34bkXNACurtV5t8kpPWYDsRwqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBr
qfAph+/NF6Cgxisp7UHq9kjQ6sYNCIXfq9mJnRqX+I8H6nxSQfpDlljdvKN3GYeg
SL4jowNL11z5xjpJS9/KhLFwodicWKt0Go/CqusPWJKVJo0HgIn9a1hHPipRbR8w
3+QRy50kaPXm5VOoSg83+CjEg9ri7jfgtWLetq+xoQ==
-----END CERTIFICATE-----
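I didn't bother to redact the certificate, because it is the SQL Server self-signed fallback, as shown by this gist
- Certificate information:
  - Common name: SSL_Self_Signed_Fallback
  - Valid from: February 1, 2020
  - Valid to: February 1, 2050
  - Serial number: 61cd18125c7f618145fd0d0f218113c4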
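Why `openssl s_client` gets reset while the script succeeds, as an added example (not the gist's code and not from either answer): SQL Server expects a TDS PRELOGIN packet first and then carries the TLS handshake records inside TDS packets of type 0x12, the `'type': 18` headers in the debug output above. All function names here are hypothetical, and the minimal PRELOGIN (version bytes zeroed, ENCRYPT_ON) and a TLS version shared by the server and the local OpenSSL are assumptions.

```python
import socket, ssl, struct

# TDS header: type, status, length (header included), channel (SPID), packet id, window
HDR = struct.Struct(">BBHHBB")
FIELDS = ("type", "status", "length", "channel", "packet", "window")
PRELOGIN, EOM = 0x12, 0x01      # type 0x12 also carries the TLS handshake records

def tds_packet(ptype, payload, packet_id=1):
    return HDR.pack(ptype, EOM, HDR.size + len(payload), 0, packet_id, 0) + payload

def parse_header(raw):
    return dict(zip(FIELDS, HDR.unpack(raw[:HDR.size])))

def prelogin_payload():
    """Minimal PRELOGIN (assumed sufficient): VERSION (token 0), ENCRYPTION (token 1)."""
    version, encryption = bytes(6), b"\x01"          # 0x01 = ENCRYPT_ON
    table_len = 5 + 5 + 1  # two 5-byte option entries plus the 0xFF terminator
    table = struct.pack(">BHH", 0, table_len, len(version))
    table += struct.pack(">BHH", 1, table_len + len(version), len(encryption))
    return table + b"\xff" + version + encryption

def read_packet(sock):
    def exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("server closed the connection")
            buf += chunk
        return buf
    hdr = parse_header(exact(HDR.size))
    return hdr, exact(hdr["length"] - HDR.size)

def fetch_cert_pem(host, port=1433, timeout=10):
    """Return the server's leaf certificate as PEM. Inspection only: no trust check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    inbio, outbio = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(inbio, outbio)
    with socket.create_connection((host, port), timeout) as sock:
        sock.sendall(tds_packet(PRELOGIN, prelogin_payload()))
        read_packet(sock)                      # PRELOGIN response (type 4)
        while True:
            try:
                tls.do_handshake()
                break
            except ssl.SSLWantReadError:
                if outbio.pending:             # TLS records OpenSSL wants sent
                    sock.sendall(tds_packet(PRELOGIN, outbio.read()))
                inbio.write(read_packet(sock)[1])
    return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
```

The returned PEM can be piped to `openssl x509 -noout -subject -dates -fingerprint` to compare it against the certificate the instance is supposed to present.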
Answer 1 (score: 0)
With help from https://gist.github.com/lnattrass/a4a91dbf439fc1719d69f7865c1b1791, and inspired by https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/1ef08b76-1594-40cf-8ce0-d2407133dd3d,
a similar implementation in Groovy (Java 11) that returns the certificate chain from the SQL server: