今天对一个已经知道URL 的网站,想要导出他的证书,可以试试下面的方法:
1: 导出证书信息: (以doc.splunk.com 网站为例)
openssl s_client -connect docs.splunk.com:443
CONNECTED(00000006)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = Splunk Inc., CN = splunk.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Splunk Inc./CN=splunk.com
i:/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
1 s:/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
XXXXXXXXXXX-AAAAAAAA (这段内容隐蔽掉)
-----END CERTIFICATE-----
2: 把上面 -----BEGIN CERTIFICATE----- 和 -----END CERTIFICATE----- copy 到一个空文件,命名: one.cer
3: 然后检查这个cert 的属性:
openssl x509 -in one.cer -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:2022/9/15
0c:b9:2c:5e:63:5f:b2:62:6d:62:28:1d:04:4f:00:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Nov 29 00:00:00 2021 GMT
Not After : Nov 29 23:59:59 2022 GMT
Subject: C=US, ST=California, L=San Francisco, O=Splunk Inc., CN=splunk.com
看上面的有效期和 certification chain, 是一样的,就可以了。
4: 去网页:Documentation - Splunk Documentation 上面看到的证书的有效期和证书链都是一样的。