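Installation
Install and configure OpenSSL by following the "OpenSSL installation procedure (Windows 11)" guide.
Commands
Use "C:\OpenSSL" as the working folder. File names written in Japanese in the commands below (for example 証明書PEMファイル名.cer, "certificate PEM file name") are placeholders for your own file names.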
cd C:\OpenSSL
Read a certificate (PEM file)
openssl x509 -text -in 証明書PEMファイル名.cer
Command output
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:ab:87:bf:37:6d:84:f3:8e:43:91:1b:25:3a:37:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Amazon, CN = Amazon RSA 2048 M01
Validity
Not Before: Feb 10 00:00:00 2023 GMT
Not After : Jan 2 23:59:59 2024 GMT
Subject: CN = qiita.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
81:B8:0E:63:8A:89:12:18:E5:FA:3B:3B:50:95:9F:E6:E5:90:13:85
X509v3 Subject Key Identifier:
D8:7D:CE:74:D2:F7:46:3F:03:58:A6:27:D7:40:BC:83:8C:FF:65:82
X509v3 Subject Alternative Name:
DNS:qiita.com, DNS:*.qiita.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.r2m01.amazontrust.com/r2m01.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Authority Information Access:
OCSP - URI:http://ocsp.r2m01.amazontrust.com
CA Issuers - URI:http://crt.r2m01.amazontrust.com/r2m01.cer
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Feb 10 01:54:34.710 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:55:C4:F8:87:7E:DA:3C:D8:EF:2D:A6:7B:
13:8D:FE:06:FD:3C:EB:71:2E:C6:E2:D6:0E:26:81:67:
44:0D:2F:47:02:20:06:67:5D:AC:16:19:D6:2E:B4:15:
37:E6:33:FD:D6:88:48:E9:40:3B:D2:76:6F:F6:C8:6B:
C9:AB:9D:78:E1:CD
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 10 01:54:34.810 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:68:F0:B9:CC:EC:03:A6:15:06:07:2D:74:
55:7E:76:2D:28:13:39:D9:52:A6:4A:61:CD:22:3B:0D:
F7:91:17:5A:02:20:24:C1:DD:02:0A:62:0B:AE:02:63:
11:A2:69:CF:6E:AA:A8:50:52:F6:B9:CC:F3:0B:F5:9B:
95:A2:6F:3B:B5:AA
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 10 01:54:34.763 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:9E:94:AA:24:31:2F:CC:19:DE:DB:71:
A2:54:25:48:2D:16:80:5D:C9:E4:09:FD:CE:28:F1:38:
E7:67:CE:F3:1B:02:20:29:5C:01:5E:7B:6C:4E:ED:83:
CB:03:7A:EA:1C:C7:C5:36:D0:F2:28:D2:20:30:90:EA:
35:98:B9:C4:26:AF:19
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
Read a certificate (DER file)
openssl x509 -text -inform der -in 証明書DERファイル名.cer
Read a certificate (display a PEM file in ASN.1 form)
openssl asn1parse -dump -inform pem -in 証明書PEMファイル名.cer
Command output
0:d=0 hl=4 l=1481 cons: SEQUENCE
4:d=1 hl=4 l=1201 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 16 prim: INTEGER :0DAB87BF376D84F38E43911B253A3777
31:d=2 hl=2 l= 13 cons: SEQUENCE
33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
44:d=3 hl=2 l= 0 prim: NULL
46:d=2 hl=2 l= 60 cons: SEQUENCE
48:d=3 hl=2 l= 11 cons: SET
50:d=4 hl=2 l= 9 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :countryName
57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
61:d=3 hl=2 l= 15 cons: SET
63:d=4 hl=2 l= 13 cons: SEQUENCE
65:d=5 hl=2 l= 3 prim: OBJECT :organizationName
70:d=5 hl=2 l= 6 prim: PRINTABLESTRING :Amazon
78:d=3 hl=2 l= 28 cons: SET
80:d=4 hl=2 l= 26 cons: SEQUENCE
82:d=5 hl=2 l= 3 prim: OBJECT :commonName
87:d=5 hl=2 l= 19 prim: PRINTABLESTRING :Amazon RSA 2048 M01
108:d=2 hl=2 l= 30 cons: SEQUENCE
110:d=3 hl=2 l= 13 prim: UTCTIME :230210000000Z
125:d=3 hl=2 l= 13 prim: UTCTIME :240102235959Z
140:d=2 hl=2 l= 20 cons: SEQUENCE
142:d=3 hl=2 l= 18 cons: SET
144:d=4 hl=2 l= 16 cons: SEQUENCE
146:d=5 hl=2 l= 3 prim: OBJECT :commonName
151:d=5 hl=2 l= 9 prim: PRINTABLESTRING :qiita.com
162:d=2 hl=4 l= 290 cons: SEQUENCE
166:d=3 hl=2 l= 13 cons: SEQUENCE
168:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
179:d=4 hl=2 l= 0 prim: NULL
181:d=3 hl=4 l= 271 prim: BIT STRING
456:d=2 hl=4 l= 749 cons: cont [ 3 ]
460:d=3 hl=4 l= 745 cons: SEQUENCE
464:d=4 hl=2 l= 31 cons: SEQUENCE
466:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
471:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 80 14 81 b8 0e 63-8a 89 12 18 e5 fa 3b 3b 0......c......;;
0010 - 50 95 9f e6 e5 90 13 85- P.......
497:d=4 hl=2 l= 29 cons: SEQUENCE
499:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
504:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 04 14 d8 7d ce 74 d2 f7-46 3f 03 58 a6 27 d7 40 ...}.t..F?.X.'.@
0010 - bc 83 8c ff 65 82 ....e.
528:d=4 hl=2 l= 33 cons: SEQUENCE
530:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
535:d=5 hl=2 l= 26 prim: OCTET STRING
0000 - 30 18 82 09 71 69 69 74-61 2e 63 6f 6d 82 0b 2a 0...qiita.com..*
0010 - 2e 71 69 69 74 61 2e 63-6f 6d .qiita.com
563:d=4 hl=2 l= 14 cons: SEQUENCE
565:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
570:d=5 hl=2 l= 1 prim: BOOLEAN :255
573:d=5 hl=2 l= 4 prim: OCTET STRING
0000 - 03 02 05 a0 ....
579:d=4 hl=2 l= 29 cons: SEQUENCE
581:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
586:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 30 14 06 08 2b 06 01 05-05 07 03 01 06 08 2b 06 0...+.........+.
0010 - 01 05 05 07 03 02 ......
610:d=4 hl=2 l= 59 cons: SEQUENCE
612:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
617:d=5 hl=2 l= 52 prim: OCTET STRING
0000 - 30 32 30 30 a0 2e a0 2c-86 2a 68 74 74 70 3a 2f 0200...,.*http:/
0010 - 2f 63 72 6c 2e 72 32 6d-30 31 2e 61 6d 61 7a 6f /crl.r2m01.amazo
0020 - 6e 74 72 75 73 74 2e 63-6f 6d 2f 72 32 6d 30 31 ntrust.com/r2m01
0030 - 2e 63 72 6c .crl
671:d=4 hl=2 l= 19 cons: SEQUENCE
673:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
678:d=5 hl=2 l= 12 prim: OCTET STRING
0000 - 30 0a 30 08 06 06 67 81-0c 01 02 01 0.0...g.....
692:d=4 hl=2 l= 117 cons: SEQUENCE
694:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
704:d=5 hl=2 l= 105 prim: OCTET STRING
0000 - 30 67 30 2d 06 08 2b 06-01 05 05 07 30 01 86 21 0g0-..+.....0..!
0010 - 68 74 74 70 3a 2f 2f 6f-63 73 70 2e 72 32 6d 30 http://ocsp.r2m0
0020 - 31 2e 61 6d 61 7a 6f 6e-74 72 75 73 74 2e 63 6f 1.amazontrust.co
0030 - 6d 30 36 06 08 2b 06 01-05 05 07 30 02 86 2a 68 m06..+.....0..*h
0040 - 74 74 70 3a 2f 2f 63 72-74 2e 72 32 6d 30 31 2e ttp://crt.r2m01.
0050 - 61 6d 61 7a 6f 6e 74 72-75 73 74 2e 63 6f 6d 2f amazontrust.com/
0060 - 72 32 6d 30 31 2e 63 65-72 r2m01.cer
811:d=4 hl=2 l= 12 cons: SEQUENCE
813:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
818:d=5 hl=2 l= 1 prim: BOOLEAN :255
821:d=5 hl=2 l= 2 prim: OCTET STRING
0000 - 30 00 0.
825:d=4 hl=4 l= 380 cons: SEQUENCE
829:d=5 hl=2 l= 10 prim: OBJECT :CT Precertificate SCTs
841:d=5 hl=4 l= 364 prim: OCTET STRING
1209:d=1 hl=2 l= 13 cons: SEQUENCE
1211:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1222:d=2 hl=2 l= 0 prim: NULL
1224:d=1 hl=4 l= 257 prim: BIT STRING
Read a certificate (display a DER file in ASN.1 form)
openssl asn1parse -dump -inform der -in 証明書DERファイル名.cer
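Added example (not part of the original article): a small Python reader that walks DER the way asn1parse lists it (offset, d = depth, hl = header length, l = content length) and decodes four extension payloads into the values that "openssl x509 -text" prints. The byte strings are copied from the -dump output above; every function name is this example's own.

```python
"""Added example: strict DER reader mirroring `openssl asn1parse` columns."""

# Extension payloads (OCTET STRING contents) copied from the -dump output above.
SAN = bytes.fromhex("3018820971696974612e636f6d820b2a2e71696974612e636f6d")
KEY_USAGE = bytes.fromhex("030205a0")
EKU = bytes.fromhex("301406082b0601050507030106082b06010505070302")
POLICIES = bytes.fromhex("300a3008060667810c010201")

UNIVERSAL = {1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING",
             5: "NULL", 6: "OBJECT", 16: "SEQUENCE", 17: "SET",
             19: "PRINTABLESTRING", 22: "IA5STRING", 23: "UTCTIME"}
CLASS_PREFIX = {1: "appl", 2: "cont", 3: "priv"}
KEY_USAGE_BITS = ["Digital Signature", "Non Repudiation", "Key Encipherment",
                  "Data Encipherment", "Key Agreement", "Certificate Sign",
                  "CRL Sign", "Encipher Only", "Decipher Only"]


def read_header(buf, pos, end):
    """Return (tag_byte, hl, l) for the TLV at pos, rejecting non-DER encodings."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    hl, length = 2, first
    if first & 0x80:                      # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        if length < 0x80 or buf[pos + 2] == 0:
            raise ValueError("length is not minimally encoded")
        hl = 2 + n
    if pos + hl + length > end:
        raise ValueError("content runs past the enclosing element")
    return tag, hl, length


def walk(buf, pos=0, end=None, depth=0):
    """List (offset, depth, hl, l, 'cons'|'prim', name) rows, depth first."""
    end = len(buf) if end is None else end
    rows = []
    while pos < end:
        tag, hl, length = read_header(buf, pos, end)
        number, cls = tag & 0x1F, tag >> 6
        if cls == 0:
            name = UNIVERSAL.get(number, f"<universal {number}>")
        else:
            name = f"{CLASS_PREFIX[cls]} [ {number} ]"
        constructed = bool(tag & 0x20)
        rows.append((pos, depth, hl, length, "cons" if constructed else "prim", name))
        if constructed:
            rows += walk(buf, pos + hl, pos + hl + length, depth + 1)
        pos += hl + length
    return rows


def tlvs(buf):
    """Split concatenated TLVs into (tag_byte, content) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, hl, length = read_header(buf, pos, len(buf))
        out.append((tag, buf[pos + hl:pos + hl + length]))
        pos += hl + length
    return out


def inner(buf):
    """Unwrap exactly one outer SEQUENCE and return its children."""
    (tag, content), = tlvs(buf)           # ValueError unless exactly one element
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    return tlvs(content)


def decode_oid(content):
    """Base-128 arcs; the first byte packs the first two arcs as 40*a + b."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])


def san_dns_names(ext):
    return [c.decode("ascii") for t, c in inner(ext) if t == 0x82]  # [2] dNSName


def key_usage(ext):
    (tag, content), = tlvs(ext)
    if tag != 0x03 or len(content) < 2 or content[0] > 7:
        raise ValueError("expected a BIT STRING")
    bits = content[1:]                    # content[0] is the count of unused bits
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))]


def eku_oids(ext):
    return [decode_oid(c) for t, c in inner(ext) if t == 0x06]


def policy_oids(ext):
    return [decode_oid(tlvs(c)[0][1]) for t, c in inner(ext) if t == 0x30]


if __name__ == "__main__":
    for off, d, hl, l, kind, name in walk(SAN):
        print(f"{off:5d}:d={d}  hl={hl} l={l:4d} {kind}: {name}")
    print(san_dns_names(SAN), key_usage(KEY_USAGE), eku_oids(EKU), policy_oids(POLICIES))
```

The decoded values line up with the x509 -text output: the two SAN DNS names, "Digital Signature, Key Encipherment", the server and client authentication EKU OIDs, and Policy 2.23.140.1.2.1.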
Convert a certificate (PEM → DER file)
openssl x509 -in 証明書PEMファイル名.cer -outform der -out 変換後証明書DERファイル名.cer
Convert a certificate (DER → PEM file)
openssl x509 -inform der -in 証明書DERファイル名.cer -outform pem -out 変換後証明書PEMファイル名.cer
Connect to a web server and retrieve its certificates
When the root certificate is specified with "-CAfile", the result no longer shows
"Verify return code: 20 (unable to get local issuer certificate)".
openssl s_client -connect www1.example.com:443 -showcerts
openssl s_client -connect www1.example.com:443 -showcerts -CAfile C:\OpenSSL\RCA-PEM.cer
depth=1 is the intermediate CA certificate.
depth=0 is the TLS server certificate.
Command output
openssl s_client -connect www1.example.com:443 -showcerts
CONNECTED(000001B0)
depth=1 C = JP, ST = Tokyo, O = CA, CN = SCA01
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = JP, ST = Tokyo, O = CA, CN = *.example.com
verify return:1
---
Certificate chain
0 s:C = JP, ST = Tokyo, O = CA, CN = *.example.com
i:C = JP, ST = Tokyo, O = CA, CN = SCA01
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 27 02:00:39 2022 GMT; NotAfter: Aug 29 02:00:39 2024 GMT
1 s:C = JP, ST = Tokyo, O = CA, CN = SCA01
i:C = JP, ST = Tokyo, O = CA, CN = RCA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: May 27 01:57:18 2022 GMT; NotAfter: May 23 01:57:18 2037 GMT
---
Server certificate
subject=C = JP, ST = Tokyo, O = CA, CN = *.example.com
issuer=C = JP, ST = Tokyo, O = CA, CN = SCA01
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3411 bytes and written 402 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 7CCC1AE5343957964C9CF9E007A8755D488C8C9BF26F0E53B54B8E455DD07B34
Session-ID-ctx:
Resumption PSK: C61050CA4853E39F88DB182E706D814326C4C178A65563079B18E327E924A9F48CBA5F55E641B795338478B47E148D1D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1656361261
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 21E0B3BF719EE05469583A317F4FC290229033678C53B7CA6EFDE67B6964C2E7
Session-ID-ctx:
Resumption PSK: B0CB7D04EBA1FCD379B9362AC23D6442067CA36C63ACDC12EAB71DC2AC359DDBF95F3BAC77006D58F1E7A0130B815378
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1656361261
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-s_client.html
Key pair generation
RSA-2048, RSA-3072, RSA-4096, prime256v1, secp256k1, secp384r1
openssl genrsa 2048 > cert2048.key
openssl genrsa 3072 > cert3072.key
openssl genrsa 4096 > cert4096.key
openssl ecparam -name prime256v1 -genkey -out certprime256v1.key
openssl ecparam -name secp256k1 -genkey -out certecc256.key
openssl ecparam -name secp384r1 -genkey -out certecc384.key
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-genrsa.html
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ecparam.html
Key pair display
openssl rsa -noout -text -in cert2048.key
openssl rsa -noout -text -in cert3072.key
openssl rsa -noout -text -in cert4096.key
openssl ec -text -in certprime256v1.key
openssl ec -text -in certecc256.key
openssl ec -text -in certecc384.key
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/rsa.html
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ec.html
Fields in the RSA key pair display output
Name | Description | Type |
---|---|---|
modulus | Modulus n (n = pq) | Public Key |
publicExponent | Public exponent e = 65537 | Public Key |
privateExponent | Private exponent d = e^(-1) mod (p-1)(q-1) | Private Key |
prime1 | Prime factor p of n | Private Key |
prime2 | Prime factor q of n | Private Key |
exponent1 | d mod (p-1) | – |
exponent2 | d mod (q-1) | – |
coefficient | Chinese Remainder Theorem coefficient q^(-1) mod p | – |
Command output
RSA Private-Key: (2048 bit, 2 primes)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:
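Added example (not part of the original article): the eight fields from the table above derived from two primes, cross-checked for consistency, and used for the CRT private-key operation. The primes are toy-sized constructed values, the function names are this example's own, and d follows the table's formula d = e^(-1) mod (p-1)(q-1).

```python
"""Added example: the eight fields of `openssl rsa -text`, derived and cross-checked."""
from math import gcd

# Constructed toy primes (Mersenne primes 2^61-1 and 2^31-1); real keys use ~1024-bit primes.
PRIME1 = 2**61 - 1
PRIME2 = 2**31 - 1


def derive_fields(p, q, e=65537):
    """Build every field of the table from the two primes."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("publicExponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                       # modular inverse (Python 3.8+)
    return {
        "modulus": p * q,
        "publicExponent": e,
        "privateExponent": d,
        "prime1": p,
        "prime2": q,
        "exponent1": d % (p - 1),
        "exponent2": d % (q - 1),
        "coefficient": pow(q, -1, p),
    }


def check_fields(k):
    """Return a list of inconsistencies; an empty list means the fields agree."""
    p, q = k["prime1"], k["prime2"]
    e, d = k["publicExponent"], k["privateExponent"]
    problems = []
    if k["modulus"] != p * q:
        problems.append("modulus is not prime1 * prime2")
    if (e * d) % (p - 1) != 1 or (e * d) % (q - 1) != 1:
        problems.append("privateExponent does not invert publicExponent")
    if k["exponent1"] != d % (p - 1):
        problems.append("exponent1 is not d mod (p-1)")
    if k["exponent2"] != d % (q - 1):
        problems.append("exponent2 is not d mod (q-1)")
    if (k["coefficient"] * q) % p != 1:
        problems.append("coefficient is not q^-1 mod p")
    return problems


def private_op_crt(c, k):
    """Compute c^d mod n from exponent1, exponent2 and coefficient only."""
    p, q = k["prime1"], k["prime2"]
    m1 = pow(c, k["exponent1"], p)            # result modulo p
    m2 = pow(c, k["exponent2"], q)            # result modulo q
    h = (k["coefficient"] * (m1 - m2)) % p    # Garner recombination
    return m2 + h * q


def private_exponent_from_prime(n, e, p):
    """Why prime1/prime2 are private: n, e and one prime are enough to rebuild d."""
    if p <= 1 or n % p:
        raise ValueError("p does not divide the modulus")
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


KEY = derive_fields(PRIME1, PRIME2)

if __name__ == "__main__":
    message = 0x1234567
    cipher = pow(message, KEY["publicExponent"], KEY["modulus"])
    print("consistent:", check_fields(KEY) == [])
    print("CRT result matches:", private_op_crt(cipher, KEY) == message)
    tampered = dict(KEY, coefficient=KEY["coefficient"] + 1)
    print("tampered key:", check_fields(tampered))
```

exponent1, exponent2 and coefficient carry no type in the table, but they are derived from d, p and q and need the same protection as the private key.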
CSR generation
openssl req -new -key cert2048.key -sha256 -out cert2048.csr
openssl req -new -key cert3072.key -sha256 -out cert3072.csr
openssl req -new -key cert4096.key -sha256 -out cert4096.csr
openssl req -new -key certecc256.key -sha256 -out certecc256.csr
openssl req -new -key certecc384.key -sha256 -out certecc384.csr
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/req.html
CSR display
openssl req -text -noout -in cert2048.csr
openssl req -text -noout -in cert3072.csr
openssl req -text -noout -in cert4096.csr
openssl req -text -noout -in certecc256.csr
openssl req -text -noout -in certecc384.csr
Issuing a self-signed certificate
Validity period: 10 years (365 days × 10 years + 2 days [leap years])
openssl x509 -days 3652 -in cert2048.csr -req -signkey cert2048.key -out cert2048.cer
openssl x509 -days 3652 -in cert3072.csr -req -signkey cert3072.key -out cert3072.cer
openssl x509 -days 3652 -in cert4096.csr -req -signkey cert4096.key -out cert4096.cer
openssl x509 -days 3652 -in certecc256.csr -req -signkey certecc256.key -out certecc256.cer
openssl x509 -days 3652 -in certecc384.csr -req -signkey certecc384.key -out certecc384.cer
CRL display
openssl crl -inform der -in fullcrl.crl -text -noout
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/crl.html
P12 file generation
openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key -out cert2048.p12
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/pkcs12.html
P12 file generation (including the intermediate CA certificate)
SubordinateCA.cer … intermediate CA certificate
openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key -certfile SubordinateCA.cer -out cert2048.p12
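Extracting the private key, certificate, and intermediate CA certificate from a P12 file
# Extract the certificate and the intermediate CA certificate (opening the output file as a text file shows the hierarchy)
openssl pkcs12 -in cert2048.p12 -nokeys -out cert2048-allout.cer
# Extract only the certificate
openssl pkcs12 -in cert2048.p12 -clcerts -nokeys -out cert2048-out.cer
# Extract only the intermediate CA certificate
openssl pkcs12 -in cert2048.p12 -cacerts -nokeys -out SubordinateCA-out.cer
# Extract only the private key (-nodes writes it unencrypted)
openssl pkcs12 -in cert2048.p12 -nocerts -nodes -out cert2048-out.key
Certificate verification
RootAndSubordinateCA.cer … PEM file in which the root certificate and the intermediate CA certificate are concatenated
# Verify the certificate
openssl verify -CAfile RootAndSubordinateCA.cer cert2048.cer
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-verify.html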
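Querying an OCSP responder
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ocsp.html
[Reference]
OCSP Status Checker
Paste a PEM file and the OCSP result is displayed.
Explanation of the OCSP model
https://www.ipa.go.jp/security/pki/043.html
Query using certificate files
openssl ocsp -sha1 -no_nonce -CAfile [ルート証明書PEMファイル名.cer] -issuer [中間CA証明書PEMファイル名.cer] -cert [TLSサーバー証明書PEMファイル名.cer] -url [HTTPから始まるOCSPレスポンダーURL]
The bracketed arguments are placeholders: -CAfile takes the root certificate PEM file, -issuer the intermediate CA certificate PEM file, -cert the TLS server certificate PEM file, and -url the OCSP responder URL beginning with http.
Changing "-sha1" to "-sha256" makes the Hash Algorithm of the Certificate ID SHA256.
Execution result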
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 793C84590DB75B740B4C302271956226A68E3487
Issuer Key Hash: 99451855A2DE5A1DD5A47625B4C33D5671FD9D3E
Serial Number: 73FF7B6E99E146F8674BDB72C65319E5F43A4085
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = JP, ST = Tokyo, O = CA, CN = SCA01
Produced At: Jun 9 22:50:29 2022 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 793C84590DB75B740B4C302271956226A68E3487
Issuer Key Hash: 99451855A2DE5A1DD5A47625B4C33D5671FD9D3E
Serial Number: 73FF7B6E99E146F8674BDB72C65319E5F43A4085
Cert Status: revoked
Revocation Time: May 27 23:26:27 2022 GMT
Revocation Reason: superseded (0x4)
This Update: Jun 9 22:50:29 2022 GMT
Next Update: Jun 16 22:50:29 2022 GMT
Signature Algorithm: sha256WithRSAEncryption
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:5a:5a:dc:0f:03:a5:dc:3a:54:30:1f:14:39:c5:de:e9:18:c3:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Tokyo, O=CA, CN=RCA
Validity
Not Before: May 27 01:57:18 2022 GMT
Not After : May 23 01:57:18 2037 GMT
Subject: C=JP, ST=Tokyo, O=CA, CN=SCA01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:45:18:55:A2:DE:5A:1D:D5:A4:76:25:B4:C3:3D:56:71:FD:9D:3E
X509v3 Authority Key Identifier:
keyid:37:3E:1B:49:3C:AE:71:72:21:3E:0F:57:A9:72:B9:36:7D:00:EE:BE
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://www1.example.com/RCAcrl.crl
Authority Information Access:
CA Issuers - URI:http://www1.example.com/RCA.crt
Signature Algorithm: sha256WithRSAEncryption
Response verify OK
0x73ff7b6e99e146f8674bdb72c65319e5f43a4085: revoked
This Update: Jun 9 22:50:29 2022 GMT
Next Update: Jun 16 22:50:29 2022 GMT
Reason: superseded
Revocation Time: May 27 23:26:27 2022 GMT
Query by serial number
openssl ocsp -sha1 -no_nonce -CAfile [ルート証明書PEMファイル名.cer] -issuer [中間CA証明書PEMファイル名.cer] -serial [シリアルナンバー] -url [HTTPから始まるOCSPレスポンダーURL]
In hexadecimal notation, the serial number placeholder [シリアルナンバー] looks like this:
0x73ff7b6e99e146f8674bdb72c65319e5f43a4085