openssl是一个强大的开源工具包,它能够完成完成各种和ssl有关的操作。
openssl -help 会得到如下的提示:
openssl:Error: '-help' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md4 md5 mdc2 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib 通过上面的参数可以发现openssl为为我们提供了大量的参数,每一个参数下面又有其对应的子参数,今天,我就熟悉一下x509参数。
通过openssl x509 -help参数可以得到x509下面的所有子参数。x509的子参数非常多。大概有50多条。
-inform arg - input format - default PEM (one of DER, NET or PEM)
-outform arg - output format - default PEM (one of DER, NET or PEM)
-keyform arg - private key format - default PEM
-CAform arg - CA format - default PEM
-CAkeyform arg - CA key format - default PEM
-in arg - input file - default stdin
-out arg - output file - default stdout
-passin arg - private key password source
-serial - print serial number value
-subject_hash - print subject hash value
-subject_hash_old - print old-style (MD5) subject hash value
-issuer_hash - print issuer hash value
-issuer_hash_old - print old-style (MD5) issuer hash value
-hash - synonym for -subject_hash
-subject - print subject DN
-issuer - print issuer DN
-email - print email address(es)
-startdate - notBefore field
-enddate - notAfter field
-purpose - print out certificate purposes
-dates - both Before and After dates
-modulus - print the RSA key modulus
-pubkey - output the public key
-fingerprint - print the certificate fingerprint
-alias - output certificate alias
-noout - no certificate output
-ocspid - print OCSP hash values for the subject name and public key
-ocsp_uri - print OCSP Responder URL(s)
-trustout - output a "trusted" certificate
-clrtrust - clear all trusted purposes
-clrreject - clear all rejected purposes
-addtrust arg - trust certificate for a given purpose
-addreject arg - reject certificate for a given purpose
-setalias arg - set certificate alias
-days arg - How long till expiry of a signed certificate - def 30 days
-checkend arg - check whether the cert expires in the next arg seconds
exit 1 if so, 0 if not
-signkey arg - self sign cert with arg
-x509toreq - output a certification request object
-req - input is a certificate request, sign and output.
-CA arg - set the CA certificate, must be PEM format.
-CAkey arg - set the CA key, must be PEM format
missing, it is assumed to be in the CA file.
-CAcreateserial - create serial number file if it does not exist
-CAserial arg - serial file
-set_serial - serial number to use
-text - print the certificate in text form
-C - print out C code forms
-md2/-md5/-sha1/-mdc2 - digest to use
-extfile - configuration file with X509V3 extensions to add
-extensions - section from config file with X509V3 extensions to add
-clrext - delete extensions before signing and input certificate
-nameopt arg - various certificate name options
-engine e - use engine e, possibly a hardware device.
-certopt arg - various certificate text options
-checkhost host - check certificate matches "host"
-checkemail email - check certificate matches "email"
-checkip ipaddr - check certificate matches "ipaddr"inform和outform命令后面可选的参数有三个:PEM、DER、PEM。默认是PEM。用于控制输入和输出的文件类型。
keyform:用于设置私钥的格式,默认格式是PEM。
CAform:用于设置CA的格式,默认格式是PEM。
CAkeyform:用于设置CA的公钥的格式,默认格式是PEM。
in:指定输入文件,默认是标准输入。
out:指定输出文件,默认是标准输出。
passin:指定私钥密码的来源。
seria:显示序列号。
subject_hash:显示项目的hash值。
subject_hash_old:用md5方式显示项目的hash值
issuer_hash:显示签发者的hash
issuer_hash_old:使用md5方式显示项目的hash值
hash:和subject_hash命令一样
subject:打印项目的DN
issuer:打印签发者的DN
email:打印email地址
startdate:打印开始日期
enddate:打印结束日期
purpose:打印证书的用途
dates:打印开始日期和结束日期
modulus:打印RSA的系数
public:输出公钥
fingerprint:输出证书的指纹
alias:输出证书的别名
noout:没证书输出
ocspid:输出OCSP的项目名和公钥的hash值
ocsp_uri:输出OCSP响应者的URL
trustout :输出一个受信的证书
clrtrust:清除所有受信的目的
clrreject:清除所有拒绝的目的
addtrust:为一个给定的目的信任证书
addreject:为一个给定的目的拒绝证书
setalias:设置证书的别名
days: 设置证书的有效期时间,默认30天
checkend:检测证书是否在arg秒后过期
signkey:用arg自签名证书
x509toreq:输出一个证书请求
req:输入是一个证书请求,签名和输出
CA:设置CA证书,必须是PEM格式的
CAkey:设置CA的key,必须是PEM格式
CAcreateserial:如果序列号不存在时创建序列号
CAserial:连续文件
set_serial:使用序列号
text:以文本格式输出证书
C:输出C 代码格式
md2/md5/sha1/mdc2:摘要
extfile:使用X509V3扩展的配置文件
extensions:使用X509V3扩展的配置文件的部分
clrext:在签名和输入证书之前删除扩展
nameopt :多样的证书名称选择
engine:使用引擎,可能是一个硬件设备
certopt:多样的证书文本选择
checkhost:通过host验证证书
checkmail:通过email验证证书
checkip:通过ip验证证书
上面这么多很多事对英文的翻译,可能有些部分翻译不准确。
下面是对这些参数的一些使用例子。
我准备了一张百度的证书:
-----BEGIN CERTIFICATE-----
MIIGLjCCBRagAwIBAgIQdimqIPqKjnYkohk29K0aqjANBgkqhkiG9w0BAQUFADCB
vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
DTE1MDkxNzAwMDAwMFoXDTE2MDgzMTIzNTk1OVowgagxCzAJBgNVBAYTAkNOMRAw
DgYDVQQIEwdCZWlqaW5nMRAwDgYDVQQHFAdCZWlqaW5nMTowOAYDVQQKFDFCZWlq
aW5nIEJhaWR1IE5ldGNvbSBTY2llbmNlIFRlY2hub2xvZ3kgQ28uLCBMdGQuMSUw
IwYDVQQLFBxzZXJ2aWNlIG9wZXJhdGlvbiBkZXBhcnRtZW50MRIwEAYDVQQDFAli
YWlkdS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCocs/rdlG7
AR4WURwOZFsmWfVbgiAWPnd4YsDi9lMeCS1itCcHOl2bmjwEL2kLHmSZpvDm2GyC
fgoAcsGMJ57ysmtsBmVQoLMNKvrf+6z0MmGsp1k7LIIYwPvXAA7YCH5THt+wpOvu
MCgn68XdgsUgcy5eQFHt5idy6sAkml3C+BuwYSW+Xi+7HBHWoNHwMAfFKEpaTCQj
skBodDvtk9eHEibEAQ8KCWh0HF0YqbJr106y7DYLkrjGtp7KTlm9JnnSleFpLehK
rCxE0cYzq35v2Spy4Dtky6sb0wXbxnaK7msUKu9ZSCo9C5PdbnIuo+vQO4kNipJV
3QKJxJMuz86vAgMBAAGjggI8MIICODCB5gYDVR0RBIHeMIHbggsqLmJhaWR1LmNv
bYILKi5udW9taS5jb22CDCouaGFvMTIzLmNvbYIOKi5iZHN0YXRpYy5jb22CEHd3
dy5iYWlkdS5jb20uY26CDHd3dy5iYWlkdS5jboISc2FwaS5tYXAuYmFpZHUuY29t
ghFsb2MubWFwLmJhaWR1LmNvbYIQbG9nLmhtLmJhaWR1LmNvbYIJYmFpZHUuY29t
ghFhcGkubWFwLmJhaWR1LmNvbYIVY29uc29sZS5iY2UuYmFpZHUuY29tghNsb2dp
bi5iY2UuYmFpZHUuY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMCgGA1Ud
JQQhMB8GCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBMGEGA1UdIARaMFgw
VgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3Bz
MCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQY
MBaAFNebfNgioBX33a1fzimbWMO8RgC1MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6
Ly9zZS5zeW1jYi5jb20vc2UuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcw
AYYTaHR0cDovL3NlLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NlLnN5
bWNiLmNvbS9zZS5jcnQwDQYJKoZIhvcNAQEFBQADggEBACz3im2KDp7SHu8wp//l
b9EOC8dY0zqxRsRTZ0y8RPnKqqbzzQDkXxWWvCrMuevMzqDH1gcEBpQQq2q30dJ7
pzGjdoC801F8OqBtBCxMDI6DwRdCMC/BBxYixBXuK9qfMAvXR11QNnWnYs/aEwUt
OYizq06zmORoOw5DL7FLMprDI4VOvA98Ns6OqLOZTmZfoqIRkD9vu/pgmkUNAUNn
wLDAHEiDzTX2sBH4vCBPjbV1nzYnEpCvr8Fgt+gb2HOVO/mem1tkXubf6S1WtOaP
uav+qkNsfL7jalqLGuBqSxdyLRbYS/GDzaLdMuFEKELF3ROkUai//jDakzbFHnbg
xs0=
-----END CERTIFICATE-----在命令行输入 openssl x509 -in baidu.pem ,得到的效果如下图:
显示的就是证书的PEM格式内容。
在命令行中输入openssl x509 -in baidu.pem -noout 界面上没有任何输出。
在命令行中输入 openssl x509 -in baidu.pem -noout -serial,界面上会输出这张证书的序列号:
在命令行中输入openssl x509 -in baidu.pem -noout -subject_hash,界面上会输出这张证书的主题的hash值:
在命令行中输入openssl x509 -in baidu.pem -noout -subject_hash_old,界面上会输出这张证书的主题的md5值:
在命令行中输入openssl x509 -in baidu.pem -noout -issuer_hash,界面上会显示出这张证书的签发者的hash值:
在命令行中输入openssl x509 -in baidu.pem -noout -issuer_hash_old,界面上会显示出这张证书的签发者的md5值:
在命令行中输入openssl x509 -in baidu.pem -noout -hash,界面上会出现这张证书的主题的hash值:
我们可以发现使用-hash的结果和使用-subject_hash的结果是一样的。
在命令行中输入openssl x509 -in baidu.pem -noout -subject,界面上会出现这张证书的主题的主题内容:
在命令行中输入openssl x509 -in baidu.pem -noout -issuer,界面上会出现这张证书的签发者的内容:
在命令行中输入openssl x509 -in baidu.pem -noout -email,如果这张证书有填写email的话会显示出email信息,如果没有就不显示。百度这张证书没有提供email。因此,并没有任何显示
在命令行中输入openssl x509 -in baidu.pem -noout -startdate,界面上会显示出这张证书起始时间:
在命令行中输入openssl x509 -in baidu.pem -noout -enddate,界面上会显示出这张证书的结束时间:
在命令行中输入openssl x509 -in baidu.pem -noout -purpose,界面上会出现这张证书的用途:
在命令行中输入openssl x509 -in baidu.pem -noout -dates ,界面上会显示证书的有效期:
在命令行中输入openssl x509 -in baidu.pem -noout -modulus,界面会显示证书的RSA的公共秘钥:
在命令行中输入openssl x509 -in baidu.pem -noout -pubkey ,界面会显示证书的公钥信息:
在命令行中输入openssl x509 -in baidu.pem -noout -fingerprint,界面会显示证书的指纹信息:
在命令行中输入openssl x509 -in baidu.pem -noout -alias,界面会显示出证书的别名,如果没有别名,则会显示\
在命令行中输入openssl x509 -in baidu.pem -noout -ocspid,如果证书中有ocspid的信息,显示,没有则不显示。
在命令行中输入 openssl x509 -in baidu.pem -noout -ocsp_uri,界面会显示ocsp的url地址:
在命令行中输入openssl x509 -in baidu.pem -noout -text,界面会显示已文本形式的证书信息:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:29:aa:20:fa:8a:8e:76:24:a2:19:36:f4:ad:1a:aa
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Validity
Not Before: Sep 17 00:00:00 2015 GMT
Not After : Aug 31 23:59:59 2016 GMT
Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd., OU=service operation department, CN=baidu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:72:cf:eb:76:51:bb:01:1e:16:51:1c:0e:64:
5b:26:59:f5:5b:82:20:16:3e:77:78:62:c0:e2:f6:
53:1e:09:2d:62:b4:27:07:3a:5d:9b:9a:3c:04:2f:
69:0b:1e:64:99:a6:f0:e6:d8:6c:82:7e:0a:00:72:
c1:8c:27:9e:f2:b2:6b:6c:06:65:50:a0:b3:0d:2a:
fa:df:fb:ac:f4:32:61:ac:a7:59:3b:2c:82:18:c0:
fb:d7:00:0e:d8:08:7e:53:1e:df:b0:a4:eb:ee:30:
28:27:eb:c5:dd:82:c5:20:73:2e:5e:40:51:ed:e6:
27:72:ea:c0:24:9a:5d:c2:f8:1b:b0:61:25:be:5e:
2f:bb:1c:11:d6:a0:d1:f0:30:07:c5:28:4a:5a:4c:
24:23:b2:40:68:74:3b:ed:93:d7:87:12:26:c4:01:
0f:0a:09:68:74:1c:5d:18:a9:b2:6b:d7:4e:b2:ec:
36:0b:92:b8:c6:b6:9e:ca:4e:59:bd:26:79:d2:95:
e1:69:2d:e8:4a:ac:2c:44:d1:c6:33:ab:7e:6f:d9:
2a:72:e0:3b:64:cb:ab:1b:d3:05:db:c6:76:8a:ee:
6b:14:2a:ef:59:48:2a:3d:0b:93:dd:6e:72:2e:a3:
eb:d0:3b:89:0d:8a:92:55:dd:02:89:c4:93:2e:cf:
ce:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:*.baidu.com, DNS:*.nuomi.com, DNS:*.hao123.com, DNS:*.bdstatic.com, DNS:www.baidu.com.cn, DNS:www.baidu.cn, DNS:sapi.map.baidu.com, DNS:loc.map.baidu.com, DNS:log.hm.baidu.com, DNS:baidu.com, DNS:api.map.baidu.com, DNS:console.bce.baidu.com, DNS:login.bce.baidu.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: https://d.symcb.com/cps
User Notice:
Explicit Text: https://d.symcb.com/rpa
X509v3 Authority Key Identifier:
keyid:D7:9B:7C:D8:22:A0:15:F7:DD:AD:5F:CE:29:9B:58:C3:BC:46:00:B5
X509v3 CRL Distribution Points:
Full Name:
URI:http://se.symcb.com/se.crl
Authority Information Access:
OCSP - URI:http://se.symcd.com
CA Issuers - URI:http://se.symcb.com/se.crt
Signature Algorithm: sha1WithRSAEncryption
2c:f7:8a:6d:8a:0e:9e:d2:1e:ef:30:a7:ff:e5:6f:d1:0e:0b:
c7:58:d3:3a:b1:46:c4:53:67:4c:bc:44:f9:ca:aa:a6:f3:cd:
00:e4:5f:15:96:bc:2a:cc:b9:eb:cc:ce:a0:c7:d6:07:04:06:
94:10:ab:6a:b7:d1:d2:7b:a7:31:a3:76:80:bc:d3:51:7c:3a:
a0:6d:04:2c:4c:0c:8e:83:c1:17:42:30:2f:c1:07:16:22:c4:
15:ee:2b:da:9f:30:0b:d7:47:5d:50:36:75:a7:62:cf:da:13:
05:2d:39:88:b3:ab:4e:b3:98:e4:68:3b:0e:43:2f:b1:4b:32:
9a:c3:23:85:4e:bc:0f:7c:36:ce:8e:a8:b3:99:4e:66:5f:a2:
a2:11:90:3f:6f:bb:fa:60:9a:45:0d:01:43:67:c0:b0:c0:1c:
48:83:cd:35:f6:b0:11:f8:bc:20:4f:8d:b5:75:9f:36:27:12:
90:af:af:c1:60:b7:e8:1b:d8:73:95:3b:f9:9e:9b:5b:64:5e:
e6:df:e9:2d:56:b4:e6:8f:b9:ab:fe:aa:43:6c:7c:be:e3:6a:
5a:8b:1a:e0:6a:4b:17:72:2d:16:d8:4b:f1:83:cd:a2:dd:32:
e1:44:28:42:c5:dd:13:a4:51:a8:bf:fe:30:da:93:36:c5:1e:
76:e0:c6:cd在控制台中输入openssl x509 -in baidu.pem -noout -C,界面上会以C代码的形式展示出证书的信息:
/* subject:/C=CN/ST=Beijing/L=Beijing/O=Beijing Baidu Netcom Science Technology Co., Ltd./OU=service operation department/CN=baidu.com */
/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3 */
unsigned char XXX_subject_name[171]={
0x30,0x81,0xA8,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x4E,
0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x42,0x65,0x69,0x6A,0x69,
0x6E,0x67,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x07,0x14,0x07,0x42,0x65,0x69,
0x6A,0x69,0x6E,0x67,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x0A,0x14,0x31,0x42,
0x65,0x69,0x6A,0x69,0x6E,0x67,0x20,0x42,0x61,0x69,0x64,0x75,0x20,0x4E,0x65,0x74,
0x63,0x6F,0x6D,0x20,0x53,0x63,0x69,0x65,0x6E,0x63,0x65,0x20,0x54,0x65,0x63,0x68,
0x6E,0x6F,0x6C,0x6F,0x67,0x79,0x20,0x43,0x6F,0x2E,0x2C,0x20,0x4C,0x74,0x64,0x2E,
0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x14,0x1C,0x73,0x65,0x72,0x76,0x69,
0x63,0x65,0x20,0x6F,0x70,0x65,0x72,0x61,0x74,0x69,0x6F,0x6E,0x20,0x64,0x65,0x70,
0x61,0x72,0x74,0x6D,0x65,0x6E,0x74,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,
0x14,0x09,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,
};
unsigned char XXX_public_key[294]={
0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
0x00,0xA8,0x72,0xCF,0xEB,0x76,0x51,0xBB,0x01,0x1E,0x16,0x51,0x1C,0x0E,0x64,0x5B,
0x26,0x59,0xF5,0x5B,0x82,0x20,0x16,0x3E,0x77,0x78,0x62,0xC0,0xE2,0xF6,0x53,0x1E,
0x09,0x2D,0x62,0xB4,0x27,0x07,0x3A,0x5D,0x9B,0x9A,0x3C,0x04,0x2F,0x69,0x0B,0x1E,
0x64,0x99,0xA6,0xF0,0xE6,0xD8,0x6C,0x82,0x7E,0x0A,0x00,0x72,0xC1,0x8C,0x27,0x9E,
0xF2,0xB2,0x6B,0x6C,0x06,0x65,0x50,0xA0,0xB3,0x0D,0x2A,0xFA,0xDF,0xFB,0xAC,0xF4,
0x32,0x61,0xAC,0xA7,0x59,0x3B,0x2C,0x82,0x18,0xC0,0xFB,0xD7,0x00,0x0E,0xD8,0x08,
0x7E,0x53,0x1E,0xDF,0xB0,0xA4,0xEB,0xEE,0x30,0x28,0x27,0xEB,0xC5,0xDD,0x82,0xC5,
0x20,0x73,0x2E,0x5E,0x40,0x51,0xED,0xE6,0x27,0x72,0xEA,0xC0,0x24,0x9A,0x5D,0xC2,
0xF8,0x1B,0xB0,0x61,0x25,0xBE,0x5E,0x2F,0xBB,0x1C,0x11,0xD6,0xA0,0xD1,0xF0,0x30,
0x07,0xC5,0x28,0x4A,0x5A,0x4C,0x24,0x23,0xB2,0x40,0x68,0x74,0x3B,0xED,0x93,0xD7,
0x87,0x12,0x26,0xC4,0x01,0x0F,0x0A,0x09,0x68,0x74,0x1C,0x5D,0x18,0xA9,0xB2,0x6B,
0xD7,0x4E,0xB2,0xEC,0x36,0x0B,0x92,0xB8,0xC6,0xB6,0x9E,0xCA,0x4E,0x59,0xBD,0x26,
0x79,0xD2,0x95,0xE1,0x69,0x2D,0xE8,0x4A,0xAC,0x2C,0x44,0xD1,0xC6,0x33,0xAB,0x7E,
0x6F,0xD9,0x2A,0x72,0xE0,0x3B,0x64,0xCB,0xAB,0x1B,0xD3,0x05,0xDB,0xC6,0x76,0x8A,
0xEE,0x6B,0x14,0x2A,0xEF,0x59,0x48,0x2A,0x3D,0x0B,0x93,0xDD,0x6E,0x72,0x2E,0xA3,
0xEB,0xD0,0x3B,0x89,0x0D,0x8A,0x92,0x55,0xDD,0x02,0x89,0xC4,0x93,0x2E,0xCF,0xCE,
0xAF,0x02,0x03,0x01,0x00,0x01,
};
unsigned char XXX_certificate[1586]={
0x30,0x82,0x06,0x2E,0x30,0x82,0x05,0x16,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x76,
0x29,0xAA,0x20,0xFA,0x8A,0x8E,0x76,0x24,0xA2,0x19,0x36,0xF4,0xAD,0x1A,0xAA,0x30,
0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,
0xBC,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
0x0B,0x13,0x32,0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,
0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,
0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,
0x28,0x63,0x29,0x31,0x30,0x31,0x36,0x30,0x34,0x06,0x03,0x55,0x04,0x03,0x13,0x2D,
0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,
0x20,0x49,0x6E,0x74,0x65,0x72,0x6E,0x61,0x74,0x69,0x6F,0x6E,0x61,0x6C,0x20,0x53,
0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x20,0x2D,0x20,0x47,0x33,0x30,0x1E,0x17,
0x0D,0x31,0x35,0x30,0x39,0x31,0x37,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,
0x31,0x36,0x30,0x38,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0xA8,
0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x4E,0x31,0x10,0x30,
0x0E,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x42,0x65,0x69,0x6A,0x69,0x6E,0x67,0x31,
0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x07,0x14,0x07,0x42,0x65,0x69,0x6A,0x69,0x6E,
0x67,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x0A,0x14,0x31,0x42,0x65,0x69,0x6A,
0x69,0x6E,0x67,0x20,0x42,0x61,0x69,0x64,0x75,0x20,0x4E,0x65,0x74,0x63,0x6F,0x6D,
0x20,0x53,0x63,0x69,0x65,0x6E,0x63,0x65,0x20,0x54,0x65,0x63,0x68,0x6E,0x6F,0x6C,
0x6F,0x67,0x79,0x20,0x43,0x6F,0x2E,0x2C,0x20,0x4C,0x74,0x64,0x2E,0x31,0x25,0x30,
0x23,0x06,0x03,0x55,0x04,0x0B,0x14,0x1C,0x73,0x65,0x72,0x76,0x69,0x63,0x65,0x20,
0x6F,0x70,0x65,0x72,0x61,0x74,0x69,0x6F,0x6E,0x20,0x64,0x65,0x70,0x61,0x72,0x74,
0x6D,0x65,0x6E,0x74,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x14,0x09,0x62,
0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA8,0x72,0xCF,0xEB,0x76,0x51,0xBB,
0x01,0x1E,0x16,0x51,0x1C,0x0E,0x64,0x5B,0x26,0x59,0xF5,0x5B,0x82,0x20,0x16,0x3E,
0x77,0x78,0x62,0xC0,0xE2,0xF6,0x53,0x1E,0x09,0x2D,0x62,0xB4,0x27,0x07,0x3A,0x5D,
0x9B,0x9A,0x3C,0x04,0x2F,0x69,0x0B,0x1E,0x64,0x99,0xA6,0xF0,0xE6,0xD8,0x6C,0x82,
0x7E,0x0A,0x00,0x72,0xC1,0x8C,0x27,0x9E,0xF2,0xB2,0x6B,0x6C,0x06,0x65,0x50,0xA0,
0xB3,0x0D,0x2A,0xFA,0xDF,0xFB,0xAC,0xF4,0x32,0x61,0xAC,0xA7,0x59,0x3B,0x2C,0x82,
0x18,0xC0,0xFB,0xD7,0x00,0x0E,0xD8,0x08,0x7E,0x53,0x1E,0xDF,0xB0,0xA4,0xEB,0xEE,
0x30,0x28,0x27,0xEB,0xC5,0xDD,0x82,0xC5,0x20,0x73,0x2E,0x5E,0x40,0x51,0xED,0xE6,
0x27,0x72,0xEA,0xC0,0x24,0x9A,0x5D,0xC2,0xF8,0x1B,0xB0,0x61,0x25,0xBE,0x5E,0x2F,
0xBB,0x1C,0x11,0xD6,0xA0,0xD1,0xF0,0x30,0x07,0xC5,0x28,0x4A,0x5A,0x4C,0x24,0x23,
0xB2,0x40,0x68,0x74,0x3B,0xED,0x93,0xD7,0x87,0x12,0x26,0xC4,0x01,0x0F,0x0A,0x09,
0x68,0x74,0x1C,0x5D,0x18,0xA9,0xB2,0x6B,0xD7,0x4E,0xB2,0xEC,0x36,0x0B,0x92,0xB8,
0xC6,0xB6,0x9E,0xCA,0x4E,0x59,0xBD,0x26,0x79,0xD2,0x95,0xE1,0x69,0x2D,0xE8,0x4A,
0xAC,0x2C,0x44,0xD1,0xC6,0x33,0xAB,0x7E,0x6F,0xD9,0x2A,0x72,0xE0,0x3B,0x64,0xCB,
0xAB,0x1B,0xD3,0x05,0xDB,0xC6,0x76,0x8A,0xEE,0x6B,0x14,0x2A,0xEF,0x59,0x48,0x2A,
0x3D,0x0B,0x93,0xDD,0x6E,0x72,0x2E,0xA3,0xEB,0xD0,0x3B,0x89,0x0D,0x8A,0x92,0x55,
0xDD,0x02,0x89,0xC4,0x93,0x2E,0xCF,0xCE,0xAF,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,
0x02,0x3C,0x30,0x82,0x02,0x38,0x30,0x81,0xE6,0x06,0x03,0x55,0x1D,0x11,0x04,0x81,
0xDE,0x30,0x81,0xDB,0x82,0x0B,0x2A,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,
0x6D,0x82,0x0B,0x2A,0x2E,0x6E,0x75,0x6F,0x6D,0x69,0x2E,0x63,0x6F,0x6D,0x82,0x0C,
0x2A,0x2E,0x68,0x61,0x6F,0x31,0x32,0x33,0x2E,0x63,0x6F,0x6D,0x82,0x0E,0x2A,0x2E,
0x62,0x64,0x73,0x74,0x61,0x74,0x69,0x63,0x2E,0x63,0x6F,0x6D,0x82,0x10,0x77,0x77,
0x77,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,0x2E,0x63,0x6E,0x82,0x0C,
0x77,0x77,0x77,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6E,0x82,0x12,0x73,0x61,
0x70,0x69,0x2E,0x6D,0x61,0x70,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,
0x82,0x11,0x6C,0x6F,0x63,0x2E,0x6D,0x61,0x70,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,
0x63,0x6F,0x6D,0x82,0x10,0x6C,0x6F,0x67,0x2E,0x68,0x6D,0x2E,0x62,0x61,0x69,0x64,
0x75,0x2E,0x63,0x6F,0x6D,0x82,0x09,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,
0x82,0x11,0x61,0x70,0x69,0x2E,0x6D,0x61,0x70,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,
0x63,0x6F,0x6D,0x82,0x15,0x63,0x6F,0x6E,0x73,0x6F,0x6C,0x65,0x2E,0x62,0x63,0x65,
0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,0x82,0x13,0x6C,0x6F,0x67,0x69,
0x6E,0x2E,0x62,0x63,0x65,0x2E,0x62,0x61,0x69,0x64,0x75,0x2E,0x63,0x6F,0x6D,0x30,
0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,
0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x28,0x06,0x03,0x55,0x1D,
0x25,0x04,0x21,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,
0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x60,0x86,0x48,0x01,0x86,
0xF8,0x42,0x04,0x01,0x30,0x61,0x06,0x03,0x55,0x1D,0x20,0x04,0x5A,0x30,0x58,0x30,
0x56,0x06,0x06,0x67,0x81,0x0C,0x01,0x02,0x02,0x30,0x4C,0x30,0x23,0x06,0x08,0x2B,
0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,
0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,
0x30,0x25,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A,0x17,
0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,
0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,
0x30,0x16,0x80,0x14,0xD7,0x9B,0x7C,0xD8,0x22,0xA0,0x15,0xF7,0xDD,0xAD,0x5F,0xCE,
0x29,0x9B,0x58,0xC3,0xBC,0x46,0x00,0xB5,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F,0x04,
0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,
0x2F,0x2F,0x73,0x65,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,
0x65,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,
0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,
0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x65,0x2E,0x73,0x79,0x6D,
0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x65,0x2E,0x73,0x79,
0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x65,0x2E,0x63,0x72,0x74,0x30,0x0D,
0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,
0x01,0x00,0x2C,0xF7,0x8A,0x6D,0x8A,0x0E,0x9E,0xD2,0x1E,0xEF,0x30,0xA7,0xFF,0xE5,
0x6F,0xD1,0x0E,0x0B,0xC7,0x58,0xD3,0x3A,0xB1,0x46,0xC4,0x53,0x67,0x4C,0xBC,0x44,
0xF9,0xCA,0xAA,0xA6,0xF3,0xCD,0x00,0xE4,0x5F,0x15,0x96,0xBC,0x2A,0xCC,0xB9,0xEB,
0xCC,0xCE,0xA0,0xC7,0xD6,0x07,0x04,0x06,0x94,0x10,0xAB,0x6A,0xB7,0xD1,0xD2,0x7B,
0xA7,0x31,0xA3,0x76,0x80,0xBC,0xD3,0x51,0x7C,0x3A,0xA0,0x6D,0x04,0x2C,0x4C,0x0C,
0x8E,0x83,0xC1,0x17,0x42,0x30,0x2F,0xC1,0x07,0x16,0x22,0xC4,0x15,0xEE,0x2B,0xDA,
0x9F,0x30,0x0B,0xD7,0x47,0x5D,0x50,0x36,0x75,0xA7,0x62,0xCF,0xDA,0x13,0x05,0x2D,
0x39,0x88,0xB3,0xAB,0x4E,0xB3,0x98,0xE4,0x68,0x3B,0x0E,0x43,0x2F,0xB1,0x4B,0x32,
0x9A,0xC3,0x23,0x85,0x4E,0xBC,0x0F,0x7C,0x36,0xCE,0x8E,0xA8,0xB3,0x99,0x4E,0x66,
0x5F,0xA2,0xA2,0x11,0x90,0x3F,0x6F,0xBB,0xFA,0x60,0x9A,0x45,0x0D,0x01,0x43,0x67,
0xC0,0xB0,0xC0,0x1C,0x48,0x83,0xCD,0x35,0xF6,0xB0,0x11,0xF8,0xBC,0x20,0x4F,0x8D,
0xB5,0x75,0x9F,0x36,0x27,0x12,0x90,0xAF,0xAF,0xC1,0x60,0xB7,0xE8,0x1B,0xD8,0x73,
0x95,0x3B,0xF9,0x9E,0x9B,0x5B,0x64,0x5E,0xE6,0xDF,0xE9,0x2D,0x56,0xB4,0xE6,0x8F,
0xB9,0xAB,0xFE,0xAA,0x43,0x6C,0x7C,0xBE,0xE3,0x6A,0x5A,0x8B,0x1A,0xE0,0x6A,0x4B,
0x17,0x72,0x2D,0x16,0xD8,0x4B,0xF1,0x83,0xCD,0xA2,0xDD,0x32,0xE1,0x44,0x28,0x42,
0xC5,0xDD,0x13,0xA4,0x51,0xA8,0xBF,0xFE,0x30,0xDA,0x93,0x36,0xC5,0x1E,0x76,0xE0,
0xC6,0xCD,
};checkhost 验证域名是否在证书信息中,checkemail验证email是否在证书信息中,checkup 验证输入的ip是否在证书的ip域中。
还有很多的命令没有了解,比如req这些,这些命令好像和生成证书有关。下次再了解说明。