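A Simple Introduction to the openssl x509 Command
openssl is a powerful open-source toolkit that can carry out all kinds of SSL-related operations.
Command overview
openssl -help
This prints the following: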
openssl:Error: '-help' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md4 md5 mdc2 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib
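The output above shows that openssl provides a large number of commands, each with its own options. Today I will get familiar with the x509 command.
Running
openssl x509 -help
lists all the options of x509. There are a lot of them, roughly 50-odd.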
-inform arg - input format - default PEM (one of DER, NET or PEM)
-outform arg - output format - default PEM (one of DER, NET or PEM)
-keyform arg - private key format - default PEM
-CAform arg - CA format - default PEM
-CAkeyform arg - CA key format - default PEM
-in arg - input file - default stdin
-out arg - output file - default stdout
-passin arg - private key password source
-serial - print serial number value
-subject_hash - print subject hash value
-subject_hash_old - print old-style (MD5) subject hash value
-issuer_hash - print issuer hash value
-issuer_hash_old - print old-style (MD5) issuer hash value
-hash - synonym for -subject_hash
-subject - print subject DN
-issuer - print issuer DN
-email - print email address(es)
-startdate - notBefore field
-enddate - notAfter field
-purpose - print out certificate purposes
-dates - both Before and After dates
-modulus - print the RSA key modulus
-pubkey - output the public key
-fingerprint - print the certificate fingerprint
-alias - output certificate alias
-noout - no certificate output
-ocspid - print OCSP hash values for the subject name and public key
-ocsp_uri - print OCSP Responder URL(s)
-trustout - output a "trusted" certificate
-clrtrust - clear all trusted purposes
-clrreject - clear all rejected purposes
-addtrust arg - trust certificate for a given purpose
-addreject arg - reject certificate for a given purpose
-setalias arg - set certificate alias
-days arg - How long till expiry of a signed certificate - def 30 days
-checkend arg - check whether the cert expires in the next arg seconds
exit 1 if so, 0 if not
-signkey arg - self sign cert with arg
-x509toreq - output a certification request object
-req - input is a certificate request, sign and output.
-CA arg - set the CA certificate, must be PEM format.
-CAkey arg - set the CA key, must be PEM format
missing, it is assumed to be in the CA file.
-CAcreateserial - create serial number file if it does not exist
-CAserial arg - serial file
-set_serial - serial number to use
-text - print the certificate in text form
-C - print out C code forms
-md2/-md5/-sha1/-mdc2 - digest to use
-extfile - configuration file with X509V3 extensions to add
-extensions - section from config file with X509V3 extensions to add
-clrext - delete extensions before signing and input certificate
-nameopt arg - various certificate name options
-engine e - use engine e, possibly a hardware device.
-certopt arg - various certificate text options
-checkhost host - check certificate matches "host"
-checkemail email - check certificate matches "email"
-checkip ipaddr - check certificate matches "ipaddr"
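inform and outform: take one of three values, PEM, DER or NET; the default is PEM. They control the format of the input and output files.
keyform: sets the private key format; the default is PEM.
CAform: sets the CA format; the default is PEM.
CAkeyform: sets the CA key format; the default is PEM.
in: specifies the input file; the default is standard input.
out: specifies the output file; the default is standard output.
passin: specifies the source of the private key password.
serial: prints the serial number.
subject_hash: prints the hash of the subject.
subject_hash_old: prints the old-style (MD5) hash of the subject.
issuer_hash: prints the hash of the issuer.
issuer_hash_old: prints the old-style (MD5) hash of the issuer.
hash: same as subject_hash.
subject: prints the subject DN.
issuer: prints the issuer DN.
email: prints the email address(es).
startdate: prints the start date.
enddate: prints the end date.
purpose: prints the certificate purposes.
dates: prints both the start date and the end date.
modulus: prints the RSA key modulus.
pubkey: outputs the public key.
fingerprint: prints the certificate fingerprint.
alias: prints the certificate alias.
noout: does not output the certificate itself.
ocspid: prints the OCSP hash values of the subject name and public key.
ocsp_uri: prints the OCSP responder URL(s).
trustout: outputs a "trusted" certificate.
clrtrust: clears all trusted purposes.
clrreject: clears all rejected purposes.
addtrust: trusts the certificate for a given purpose.
addreject: rejects the certificate for a given purpose.
setalias: sets the certificate alias.
days: sets the validity period of the certificate; the default is 30 days.
checkend: checks whether the certificate expires within the next arg seconds.
signkey: self-signs the certificate with arg.
x509toreq: outputs a certificate request.
req: the input is a certificate request; sign it and output the result.
CA: sets the CA certificate, which must be in PEM format.
CAkey: sets the CA key, which must be in PEM format.
CAcreateserial: creates the serial number file if it does not exist.
CAserial: the serial number file.
set_serial: the serial number to use.
text: prints the certificate in text form.
C: prints the certificate as C code.
md2/md5/sha1/mdc2: the digest to use.
extfile: configuration file with the X509V3 extensions to add.
extensions: section of the configuration file with the X509V3 extensions to add.
clrext: deletes extensions from the input certificate before signing.
nameopt: various certificate name options.
engine: uses an engine, possibly a hardware device.
certopt: various certificate text options.
checkhost: checks that the certificate matches a host.
checkemail: checks that the certificate matches an email address.
checkip: checks that the certificate matches an IP address.
The descriptions above are mostly my own rendering of the English help text, so some of them may be inaccurate.
Below are some examples of using these options.
Using the options
I prepared a Baidu certificate, saved as baidu.pem for the commands below.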
in
Running openssl x509 -in baidu.pem on the command line prints the certificate in PEM format.
noout
Running openssl x509 -in baidu.pem -noout prints nothing.
serial
Running openssl x509 -in baidu.pem -noout -serial prints the certificate's serial number.
subject_hash
Running openssl x509 -in baidu.pem -noout -subject_hash prints the hash of the certificate's subject.
subject_hash_old
Running openssl x509 -in baidu.pem -noout -subject_hash_old prints the old-style (MD5) hash of the certificate's subject.
issuer_hash
Running openssl x509 -in baidu.pem -noout -issuer_hash prints the hash of the certificate's issuer.
issuer_hash_old
Running openssl x509 -in baidu.pem -noout -issuer_hash_old prints the old-style (MD5) hash of the certificate's issuer.
hash
Running openssl x509 -in baidu.pem -noout -hash prints the hash of the certificate's subject.
The result of -hash is the same as the result of -subject_hash.
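What the subject hash is used for in practice, as an added example that is not part of the original post: a -CApath trust directory is searched by a file name derived from this hash. The CA name, file names and the helper functions are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.
# A -CApath directory is searched by file name: OpenSSL looks for
# <subject_hash>.0 (then .1, .2 ... when several certificates share a hash).

# File name a certificate needs inside a -CApath directory
# (.0 assumes no other certificate there has the same hash).
capath_name() {
    printf '%s.0\n' "$(openssl x509 -in "$1" -noout -subject_hash)"
}

# Copy a CA certificate into the hashed directory under that name.
install_ca() {   # $1 = CA certificate (PEM), $2 = directory
    cp "$1" "$2/$(capath_name "$1")"
}

# Print "yes" if `openssl verify -CApath $2` reports OK for $1, else "no".
trusted_in() {
    if openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'; then
        echo yes
    else
        echo no
    fi
}

# Constructed input: throwaway self-signed CA, valid for one day.
make_ca() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

work=$(mktemp -d)
mkdir "$work/trusted"
make_ca "$work"
echo "file name needed: $(capath_name "$work/ca.pem")"
echo "before install:   $(trusted_in "$work/ca.pem" "$work/trusted")"
install_ca "$work/ca.pem" "$work/trusted"
echo "after install:    $(trusted_in "$work/ca.pem" "$work/trusted")"
```

The -subject_hash_old value is the file name format that OpenSSL versions before 1.0.0 look for, so a directory shared with such old clients needs both names.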
subject
Running openssl x509 -in baidu.pem -noout -subject prints the certificate's subject.
issuer
Running openssl x509 -in baidu.pem -noout -issuer prints the certificate's issuer.
email
Running openssl x509 -in baidu.pem -noout -email prints the email address if the certificate contains one, and nothing otherwise. This Baidu certificate does not provide an email address, so nothing is displayed.
startdate
Running openssl x509 -in baidu.pem -noout -startdate prints the start of the certificate's validity period.
enddate
Running openssl x509 -in baidu.pem -noout -enddate prints the end of the certificate's validity period.
purpose
Running openssl x509 -in baidu.pem -noout -purpose prints the purposes of the certificate.
dates
Running openssl x509 -in baidu.pem -noout -dates prints the certificate's validity period.
modulus
Running openssl x509 -in baidu.pem -noout -modulus prints the modulus of the certificate's RSA public key.
pubkey
Running openssl x509 -in baidu.pem -noout -pubkey prints the certificate's public key.
fingerprint
Running openssl x509 -in baidu.pem -noout -fingerprint prints the certificate's fingerprint.
alias
Running openssl x509 -in baidu.pem -noout -alias prints the certificate's alias; if there is no alias, it prints \
ocspid
Running openssl x509 -in baidu.pem -noout -ocspid prints the ocspid information if the certificate has it, and nothing otherwise.
ocsp_uri
Running openssl x509 -in baidu.pem -noout -ocsp_uri prints the OCSP URL.
text
Running openssl x509 -in baidu.pem -noout -text prints the certificate in text form:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:29:aa:20:fa:8a:8e:76:24:a2:19:36:f4:ad:1a:aa
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Validity
Not Before: Sep 17 00:00:00 2015 GMT
Not After : Aug 31 23:59:59 2016 GMT
Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd., OU=service operation department, CN=baidu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:*.baidu.com, DNS:*.nuomi.com, DNS:*.hao123.com, DNS:*.bdstatic.com, DNS:www.baidu.com.cn, DNS:www.baidu.cn, DNS:sapi.map.baidu.com, DNS:loc.map.baidu.com, DNS:log.hm.baidu.com, DNS:baidu.com, DNS:api.map.baidu.com, DNS:console.bce.baidu.com, DNS:login.bce.baidu.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: https://d.symcb.com/cps
User Notice:
Explicit Text: https://d.symcb.com/rpa
X509v3 Authority Key Identifier:
keyid:D7:9B:7C:D8:22:A0:15:F7:DD:AD:5F:CE:29:9B:58:C3:BC:46:00:B5
X509v3 CRL Distribution Points:
Full Name:
URI:http://se.symcb.com/se.crl
Authority Information Access:
OCSP - URI:http://se.symcd.com
CA Issuers - URI:http://se.symcb.com/se.crt
Signature Algorithm: sha1WithRSAEncryption
C
Running openssl x509 -in baidu.pem -noout -C in the console prints the certificate as C code:
/* subject:/C=CN/ST=Beijing/L=Beijing/O=Beijing Baidu Netcom Science Technology Co., Ltd./OU=service operation department/CN=baidu.com */
/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3 */
unsigned char XXX_subject_name[171]={
};
unsigned char XXX_public_key[294]={
};
unsigned char XXX_certificate[1586]={
};
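checkXXX
checkhost checks whether a domain name is in the certificate, checkemail checks whether an email address is in the certificate, and checkip checks whether the given IP address is among the certificate's IP entries.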
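The options from the sections above combined into a small certificate audit, as an added example that is not part of the original post. The generated certificate, the name audit.example.test and the helper functions are constructed; the weak-signature check is the one that would flag the sha1WithRSAEncryption signature shown in the -text output of the Baidu certificate.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.

# Succeeds if the certificate is still valid $2 seconds from now.
# -checkend exits 1 when the certificate expires within that window.
valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# -checkhost prints "does match" / "does NOT match"; this helper parses that
# text instead of relying on the exit status.
matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# First "Signature Algorithm:" line of the -text output.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# MD2/MD4/MD5 and SHA-1 are broken for collision resistance;
# flag signatures that use them.
weak_sig_alg() {
    case "$1" in
        *[Ss][Hh][Aa]1*|*[Mm][Dd][245]*) return 0 ;;
        *) return 1 ;;
    esac
}

# SHA-256 fingerprint without the "...Fingerprint=" label.
fp256() {   # $1 = file, $2 = PEM or DER (passed to -inform)
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 |
        sed 's/^.*=//'
}

# Print one finding per line; return non-zero if any check fails.
audit_cert() {   # $1 = PEM file, $2 = expected host, $3 = minimum validity (s)
    rc=0
    valid_for "$1" "$3" || { echo "FAIL expires within $3 s"; rc=1; }
    matches_host "$1" "$2" || { echo "FAIL name mismatch for $2"; rc=1; }
    alg=$(sig_alg "$1")
    if weak_sig_alg "$alg"; then echo "FAIL weak signature $alg"; rc=1; fi
    echo "INFO sha256 $(fp256 "$1" PEM)"
    return $rc
}

# Constructed input: a throwaway self-signed certificate for the hypothetical
# name audit.example.test, valid for one day.
make_sample() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=audit.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

dir=$(mktemp -d)
make_sample "$dir"
audit_cert "$dir/cert.pem" audit.example.test 3600
```

-checkend and -checkhost are run as separate openssl invocations here so that each check produces its own result.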
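There are still many commands I have not looked at, such as req, which seems to be related to generating certificates. I will cover them another time.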