OpenSSL
OpenSSL
接続して証明書を取得して有効期限の表示
openssl s_client -connect <host>:<port> 2>/dev/null </dev/null | openssl x509 -noout -dates実行結果の例
$ openssl s_client -connect example.com:443 2>/dev/null </dev/null | openssl x509 -noout -dates
notBefore=Jan 30 00:00:00 2024 GMT
notAfter=Mar 1 23:59:59 2025 GMT接続して証明書を取得して中身の各フィールドを表示
openssl s_client -connect <host>:<port> 2>/dev/null </dev/null | openssl x509 -noout -text実行結果の例
$ openssl s_client -connect example.com:443 2>/dev/null </dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:5b:ce:f3:06:89:c8:ad:df:13:e5:1a:f4:af:e1:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity
Not Before: Jan 30 00:00:00 2024 GMT
Not After : Mar 1 23:59:59 2025 GMT
Subject: C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:85:0f:bb:0e:f9:ca:5f:d9:f5:e0:0a:32:2c:
33:d9:aa:0e:07:29:a8:2f:08:ad:78:bd:c2:06:bf:
f7:2d:2b:a6:a7:27:3d:53:a6:4c:c3:4b:b2:27:77:
20:d6:c1:54:49:b8:08:da:f9:70:a9:61:f6:b2:49:
9d:69:57:da:fb:6d:24:34:72:2e:47:f0:04:3f:9d:
b1:5b:e2:bc:66:31:59:32:e6:a9:7e:bf:d4:b0:d4:
64:f5:6b:ca:7b:ff:72:5b:5e:9a:d8:3f:d4:06:b2:
f3:c8:dc:8f:66:5a:46:84:66:a8:18:15:79:a7:08:
ce:05:3c:fb:39:89:ef:6d:fa:4e:71:52:7b:b7:e4:
a0:a4:9c:96:c0:61:3d:a4:0a:70:4d:c3:8e:cd:6e:
b3:32:6c:f2:c7:44:09:04:dd:a0:55:fd:23:a5:20:
78:b2:85:5e:d8:3b:ad:17:ff:85:c5:b9:74:8d:33:
b9:b8:57:6e:b5:bc:69:65:db:0b:3c:92:55:99:f4:
73:b4:64:24:ca:67:4c:28:99:cc:dc:67:3d:79:c7:
16:9c:2b:e6:ab:aa:aa:35:72:37:f6:81:2a:48:e8:
3f:4e:19:9a:bf:9e:46:aa:32:93:ff:a5:b2:5a:b4:
b1:2f:1e:69:84:92:1d:b0:b9:8d:af:f2:31:6c:95:
86:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
X509v3 Subject Key Identifier:
4C:FE:D0:12:4D:2E:21:CF:6B:FA:F2:F2:B8:4C:49:02:1D:31:91:8A
X509v3 Subject Alternative Name:
DNS:www.example.org, DNS:example.net, DNS:example.edu, DNS:example.com, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
Timestamp : Jan 30 19:22:50.340 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:43:02:1F:40:51:0A:0C:4F:6C:10:55:C6:17:16:67:
6E:9A:F0:90:9E:F3:73:F5:25:9E:B0:9A:FE:7A:1A:C5:
5C:C8:C0:02:20:38:29:31:B1:28:E4:72:48:4D:34:4F:
9E:8C:93:E2:61:BC:70:BA:D6:8C:4B:E1:72:15:1D:11:
C5:94:BA:4D:53
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
Timestamp : Jan 30 19:22:50.288 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:5D:BF:96:77:A5:91:5B:7E:0A:0C:DE:D1:
A9:09:33:37:67:10:4C:42:CC:41:45:27:53:4B:A7:7C:
77:63:40:73:02:21:00:B2:E8:09:3F:66:4C:C3:7D:3B:
21:73:20:15:79:32:45:D5:2F:2B:93:7F:63:80:CC:03:
9A:ED:DF:31:D8:7E:97
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
Timestamp : Jan 30 19:22:50.335 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E0:AA:21:FD:58:B3:75:05:35:B6:36:
76:13:65:46:81:64:97:5E:4C:27:42:68:98:86:60:1E:
29:C5:4B:1D:E0:02:21:00:FB:24:81:85:B1:D1:A8:97:
B9:2C:B3:6A:5E:E2:56:2B:0A:03:D5:73:E8:86:66:4B:
AA:9E:3D:BA:86:A8:6B:D1
Signature Algorithm: sha256WithRSAEncryption
04:e1:6e:02:3e:0d:e3:23:46:f4:e3:96:35:05:93:35:22:02:
0b:84:5d:e2:73:86:d4:74:4f:fc:1b:27:af:3e:ca:ad:c3:ce:
46:d6:fa:0f:e2:71:f9:0d:1a:9a:13:b7:d5:08:48:bd:50:58:
b3:5e:20:63:86:29:ca:3e:cc:cc:78:26:e1:59:8f:5d:ca:8b:
bc:49:31:6f:61:bd:42:ff:61:62:e1:22:35:24:26:9b:57:eb:
e5:00:0d:ff:40:33:6c:46:c2:33:77:08:98:b2:7a:f6:43:f9:
6d:48:df:bf:fe:fa:28:1e:7b:8a:cf:2d:61:ff:6c:87:98:a4:
2c:62:9a:bb:10:8c:ff:34:48:70:66:b7:6d:72:c3:69:f9:39:
4b:68:39:56:bd:a1:b3:6d:f4:77:f3:46:5b:5c:19:ac:4f:b3:
74:6b:8c:c5:f1:89:cc:93:fe:0c:01:6f:88:17:dc:42:71:60:
e3:ed:73:30:42:9c:a9:2f:3b:a2:78:8e:c8:6f:ba:d1:13:0c:
d0:c7:5e:8c:10:fb:01:2e:37:9b:db:ac:f7:a1:ac:ba:7f:f8:
92:e7:cb:41:44:c8:15:f9:f3:c4:bb:ad:51:5f:be:de:c7:ac:
86:07:9f:40:ec:b9:0b:f6:b2:8b:cc:b5:55:33:66:ba:33:c2:
c4:f0:a2:e9最終更新日