how to check certificate with openssl

• Subject : 소유자의 데이터로 domain 정보가 포함된다.
• Issuer : CA를 의미

CA(Certificate Authority)

subject 및 issuer 확인

$ curl -sL https://certs.godaddy.com/repository/gdroot-g2.crt | openssl x509 -subject -noout
subject=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
$ curl -sL https://certs.godaddy.com/repository/gdroot-g2.crt | openssl x509 -issuer -noout
issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2

expire time 확인

$ curl -sL https://certs.godaddy.com/repository/gdroot-g2.crt | openssl x509 -enddate -noout
notAfter=Dec 31 23:59:59 2037 GMT

certificate

subject 및 issuer 확인

$ cat jacobbaek.com/cert.pem  | openssl x509 -subject -noout
subject=CN = *.jacobbaek.com
$ cat jacobbaek.com/cert.pem  | openssl x509 -issuer -noout
issuer=C = US, O = Let's Encrypt, CN = R3

expire time 확인

$ cat jacobbaek.com/cert.pem  | openssl x509 -enddate -noout
notAfter=Jan 15 01:50:45 2024 GMT

certificate

server certificate 가져오기

$ SERVERURL="www.google.com"
$ openssl s_client -connect $SERVERURL:443 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

subjet 확인

$ SERVERURL="www.google.com"
$ openssl s_client -connect $SERVERURL:443 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -subject -noout

References

https://stackoverflow.com/questions/40061263/what-is-ca-certificate-and-why-do-we-need-it