Security/System&Tools
how to check certificate with openssl
Jacob_baek
2023. 11. 29. 10:38
- Subject : 소유자의 데이터로 domain 정보가 포함된다.
- Issuer : CA를 의미
CA(Certificate Authority)
subject 및 issuer 확인
$ curl -sL https://certs.godaddy.com/repository/gdroot-g2.crt | openssl x509 -subject -noout
subject=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
$ curl -sL https://certs.godaddy.com/repository/gdroot-g2.crt | openssl x509 -issuer -noout
issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
expire time 확인
$ curl -sL https://certs.godaddy.com/repository/gdroot-g2.crt | openssl x509 -enddate -noout
notAfter=Dec 31 23:59:59 2037 GMT
certificate
subject 및 issuer 확인
$ cat jacobbaek.com/cert.pem | openssl x509 -subject -noout
subject=CN = *.jacobbaek.com
$ cat jacobbaek.com/cert.pem | openssl x509 -issuer -noout
issuer=C = US, O = Let's Encrypt, CN = R3
expire time 확인
$ cat jacobbaek.com/cert.pem | openssl x509 -enddate -noout
notAfter=Jan 15 01:50:45 2024 GMT
certificate
server certificate 가져오기
$ SERVERURL="www.google.com"
$ openssl s_client -connect $SERVERURL:443 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
subjet 확인
$ SERVERURL="www.google.com"
$ openssl s_client -connect $SERVERURL:443 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -subject -noout
References
https://stackoverflow.com/questions/40061263/what-is-ca-certificate-and-why-do-we-need-it