尝试通过脚本批处理中的openssl命令自动执行标识执行以检查证书是否为根CA,发行CA,客户端的服务服务器。我们该怎么做?以及如何在命令行中做到这一点?
答案 0 :(得分:1)
主题和发行者可以给我们一个主意。
CA $ openssl x509 -subject -issuer -noout -in RCA.Zone_A.crt
subject=CN = www.RCA.Zone_A.rsa2048.com, emailAddress = RCA.Zone_A.rsa2048@RCA.Zone_A.rsa2048.com, O = RCA.Zone_A.rsa2048, L = CA, C = US
issuer=CN = www.RCA.Zone_A.rsa2048.com, emailAddress = RCA.Zone_A.rsa2048@RCA.Zone_A.rsa2048.com, O = RCA.Zone_A.rsa2048, L = CA, C = US
中级CA $ openssl x509 -subject -issuer -noout -in ICA_00.RCA.Zone_A.crt
subject=CN = www.ICA_00.RCA.Zone_A.rsa2048.com, emailAddress = ICA_00.RCA.Zone_A.rsa2048@ICA_00.RCA.Zone_A.rsa2048.com, O = ICA_00.RCA.Zone_A.rsa2048, L = CA, C = US
issuer=CN = www.RCA.Zone_A.rsa2048.com, emailAddress = RCA.Zone_A.rsa2048@RCA.Zone_A.rsa2048.com, O = RCA.Zone_A.rsa2048, L = CA, C = US
依赖服务 $ openssl x509 -subject -issuer -noout -in service_00.ICA_00.RCA.Zone_A.crt
subject=CN = www.service_00.ICA_00.RCA.Zone_A.rsa2048.com, emailAddress = service_00.ICA_00.RCA.Zone_A.rsa2048@service_00.ICA_00.RCA.Zone_A.rsa2048.com, O = service_00.ICA_00.RCA.Zone_A.rsa2048, L = CA, C = US
issuer=CN = www.ICA_00.RCA.Zone_A.rsa2048.com, emailAddress = ICA_00.RCA.Zone_A.rsa2048@ICA_00.RCA.Zone_A.rsa2048.com, O = ICA_00.RCA.Zone_A.rsa2048, L = CA, C = US