How to copy a website certificate to a file on Windows

1

I am looking for a command to copy the website's certificate in text mode, so that I can compare it with the one I have. Please help me with this.

For example, I have my server's IP, 10.112.***.***. To get the certificate from my server address 10.112.***.***:443, how do we do this with a command on Windows?

Joshi

Answers:

0

To get the certificate from my server address 10.112.***.***:443, how do we do this with a command on Windows?

Install Win32 OpenSSL from Shining Light Productions. The commands are the same regardless of the operating system. So (from an OS X box):

$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | \
  openssl x509 -text -noout

depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2625022969251558231 (0x246df47b897af357)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Google Inc, CN = Google Internet Authority G2
        Validity
            Not Before: Jun 30 15:20:05 2016 GMT
            Not After : Sep 22 14:53:00 2016 GMT
        Subject: C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:83:56:dc:06:b5:1b:77:7f:49:25:81:1e:
                    20:be:ea:06:6f:d5:61:a1:d8:f1:7c:ec:f6:15:53:
                    cf:35:42:13:3e:40:49:80:00:0e:85:b7:91:25:96:
                    59:2d:c9:9e:5f:95:e6:24:6b:c8:7d:0c:a6:fa:0e:
                    8f:a2:6a:0c:b1:14:3b:70:85:c4:b2:14:d2:2d:39:
                    31:74:06:f6:08:e9:bb:89:50:e9:fb:bd:ce:45:40:
                    45:b5:31:58:a4:3a:74:61:fc:53:ba:6a:06:f8:4c:
                    de:b8:72:34:1e:02:6b:09:43:65:7b:5f:c6:2f:ee:
                    ef:8f:e0:b4:b7:9d:d7:dc:24:b1:0a:51:21:1a:80:
                    f3:f1:cc:2f:9e:21:79:49:62:a2:22:b5:b2:e0:9f:
                    38:ca:e1:a2:ba:0c:9e:6d:d4:19:50:e9:40:7d:8e:
                    93:91:63:55:bc:1e:e1:7c:82:b5:dd:e2:79:85:93:
                    dd:54:67:f4:92:c9:a0:22:d2:46:0e:f0:0e:b4:43:
                    0d:ff:9a:a2:12:53:6c:7d:1a:c0:82:54:a3:36:1c:
                    40:43:bf:bc:ce:19:51:40:96:fa:35:e8:12:f6:3f:
                    45:c9:7c:ac:5f:25:ff:62:3d:dd:66:c4:87:7f:3c:
                    fc:45:ff:db:11:dc:59:eb:27:91:10:d0:6e:e0:fd:
                    2a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:www.google.com
            Authority Information Access: 
                CA Issuers - URI:http://pki.google.com/GIAG2.crt
                OCSP - URI:http://clients1.google.com/ocsp

            X509v3 Subject Key Identifier: 
                48:59:57:0D:D3:48:20:96:1B:7D:7A:3F:69:1D:DF:E4:5E:C4:21:6B
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F

            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.11129.2.5.1
                Policy: 2.23.140.1.2.2

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.google.com/GIAG2.crl

    Signature Algorithm: sha256WithRSAEncryption
         1d:0e:32:85:6e:d6:db:3b:a3:7e:f3:19:22:33:38:57:50:61:
         45:89:2e:30:f1:26:2f:b4:29:45:b6:9d:86:94:63:fa:b8:dc:
         3c:08:2a:27:01:14:46:bc:a4:d7:ba:a3:63:1e:9f:4a:0e:88:
         79:0a:6b:c6:4b:11:04:73:bd:79:a8:48:36:1f:38:a4:fa:4a:
         ae:e5:71:f9:0d:00:8b:c4:3d:6a:44:2e:85:e2:dd:05:fc:61:
         a7:92:bf:71:38:ad:ae:5f:06:c0:dc:53:da:ec:a4:85:bb:00:
         2f:30:7b:d0:33:fd:01:c0:ed:9e:69:fe:5a:22:ab:cb:bb:07:
         0d:0b:a7:eb:ef:45:0f:5f:7f:c9:d4:27:0a:27:94:f5:c4:de:
         74:31:ef:7b:ac:ca:c4:20:0a:6d:9b:55:80:5f:ff:4a:8d:66:
         e9:ae:aa:c7:7b:29:76:c8:99:de:e6:66:71:2f:cd:dd:79:45:
         49:a8:28:db:0e:20:78:f2:18:df:3e:22:13:8f:07:05:bf:95:
         21:bd:d3:0d:1c:a8:ca:39:04:a7:d9:e5:57:ef:48:b7:18:f5:
         dc:25:76:2c:b0:fb:25:b2:cf:31:fe:71:a9:53:b9:d6:37:a5:
         65:f6:0c:da:7e:3f:e4:87:78:7f:05:63:5d:67:a3:ad:50:47:
         32:c8:a3:fb

If the text above satisfies you, then simply issue:

$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | \
  openssl x509 -text -noout > certificate.txt

If you want to save it to a file in ASN.1/DER or PEM format instead of displaying it (-text -noout), check out some of the other openssl x509 options.

jww
I need the text that starts with ------ BEGIN CERTIFICATE -------- and ends with ------ END CERTIFICATE ---------
Joshi
@Joshi - After saving the certificate, see Converting using OpenSSL to convert it between ASN.1/DER and PEM. Or better, use openssl x509 to save it in PEM so that no conversion is needed.
jww
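
Added example (not part of the original question, answer or comments): the goal in the question is to compare the server's certificate with a saved copy, so this Python example pulls the BEGIN/END CERTIFICATE block out of surrounding text and compares SHA-256 fingerprints of the DER bytes, because the PEM text itself differs with line wrapping and CRLF line endings. It uses Python's standard library rather than the openssl commands above; the helper names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def to_pem(der, width=64, newline="\n"):
    """Encode DER bytes as a PEM block (wrap width and newline vary between tools)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    lines = ["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----"]
    return newline.join(lines) + newline

def pem_to_der(text):
    """Pull the first certificate block out of text, ignoring anything around it."""
    match = PEM_RE.search(text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(der):
    """SHA-256 over the DER bytes; independent of wrapping and line endings."""
    return hashlib.sha256(der).hexdigest()

def same_certificate(text_a, text_b):
    """Compare two PEM texts by the certificate bytes they encode."""
    return fingerprint(pem_to_der(text_a)) == fingerprint(pem_to_der(text_b))

def fetch_server_pem(host, port=443):
    """Return the server's leaf certificate as PEM. No chain validation is done."""
    return ssl.get_server_certificate((host, port))

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate: only the encoding matters here.
    der = bytes(range(200))
    saved = to_pem(der)  # the copy "I already have"
    # Same bytes as another tool might emit them: CRLF, different wrap, extra output.
    captured = "CONNECTED(00000003)\r\n" + to_pem(der, 76, "\r\n") + "---\r\n"
    print("text equal:      ", saved == captured)
    print("same certificate:", same_certificate(saved, captured))
    print("sha256:", fingerprint(pem_to_der(captured)))
    # Against a live server (needs network): fetch_server_pem("www.google.com")
```

To check a real server, pass the text returned by fetch_server_pem and the contents of the saved PEM file to same_certificate.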