How to Use OpenSSL Commands (Windows/Linux)

Installation

Install and configure OpenSSL by following "OpenSSL Installation Procedure (Windows 11)".

Commands

Use "C:\OpenSSL" as the working folder.

cd C:\OpenSSL

Reading a certificate (PEM file)

openssl x509 -text -in certificate-PEM-file-name.cer
Command output
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:ab:87:bf:37:6d:84:f3:8e:43:91:1b:25:3a:37:77
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Amazon, CN = Amazon RSA 2048 M01
        Validity
            Not Before: Feb 10 00:00:00 2023 GMT
            Not After : Jan  2 23:59:59 2024 GMT
        Subject: CN = qiita.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                81:B8:0E:63:8A:89:12:18:E5:FA:3B:3B:50:95:9F:E6:E5:90:13:85
            X509v3 Subject Key Identifier:
                D8:7D:CE:74:D2:F7:46:3F:03:58:A6:27:D7:40:BC:83:8C:FF:65:82
            X509v3 Subject Alternative Name:
                DNS:qiita.com, DNS:*.qiita.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.r2m01.amazontrust.com/r2m01.crl
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
            Authority Information Access:
                OCSP - URI:http://ocsp.r2m01.amazontrust.com
                CA Issuers - URI:http://crt.r2m01.amazontrust.com/r2m01.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Feb 10 01:54:34.710 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:55:C4:F8:87:7E:DA:3C:D8:EF:2D:A6:7B:
                                13:8D:FE:06:FD:3C:EB:71:2E:C6:E2:D6:0E:26:81:67:
                                44:0D:2F:47:02:20:06:67:5D:AC:16:19:D6:2E:B4:15:
                                37:E6:33:FD:D6:88:48:E9:40:3B:D2:76:6F:F6:C8:6B:
                                C9:AB:9D:78:E1:CD
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
                                1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
                    Timestamp : Feb 10 01:54:34.810 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:68:F0:B9:CC:EC:03:A6:15:06:07:2D:74:
                                55:7E:76:2D:28:13:39:D9:52:A6:4A:61:CD:22:3B:0D:
                                F7:91:17:5A:02:20:24:C1:DD:02:0A:62:0B:AE:02:63:
                                11:A2:69:CF:6E:AA:A8:50:52:F6:B9:CC:F3:0B:F5:9B:
                                95:A2:6F:3B:B5:AA
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Feb 10 01:54:34.763 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:9E:94:AA:24:31:2F:CC:19:DE:DB:71:
                                A2:54:25:48:2D:16:80:5D:C9:E4:09:FD:CE:28:F1:38:
                                E7:67:CE:F3:1B:02:20:29:5C:01:5E:7B:6C:4E:ED:83:
                                CB:03:7A:EA:1C:C7:C5:36:D0:F2:28:D2:20:30:90:EA:
                                35:98:B9:C4:26:AF:19
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:

Reading a certificate (DER file)

openssl x509 -text -inform der -in certificate-DER-file-name.cer

Reading a certificate (displaying a PEM file in ASN.1 format)

openssl asn1parse -dump -inform pem -in certificate-PEM-file-name.cer
Command output
    0:d=0  hl=4 l=1481 cons: SEQUENCE
    4:d=1  hl=4 l=1201 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=  16 prim: INTEGER           :0DAB87BF376D84F38E43911B253A3777
   31:d=2  hl=2 l=  13 cons: SEQUENCE
   33:d=3  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
   44:d=3  hl=2 l=   0 prim: NULL
   46:d=2  hl=2 l=  60 cons: SEQUENCE
   48:d=3  hl=2 l=  11 cons: SET
   50:d=4  hl=2 l=   9 cons: SEQUENCE
   52:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   57:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
   61:d=3  hl=2 l=  15 cons: SET
   63:d=4  hl=2 l=  13 cons: SEQUENCE
   65:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   70:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :Amazon
   78:d=3  hl=2 l=  28 cons: SET
   80:d=4  hl=2 l=  26 cons: SEQUENCE
   82:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   87:d=5  hl=2 l=  19 prim: PRINTABLESTRING   :Amazon RSA 2048 M01
  108:d=2  hl=2 l=  30 cons: SEQUENCE
  110:d=3  hl=2 l=  13 prim: UTCTIME           :230210000000Z
  125:d=3  hl=2 l=  13 prim: UTCTIME           :240102235959Z
  140:d=2  hl=2 l=  20 cons: SEQUENCE
  142:d=3  hl=2 l=  18 cons: SET
  144:d=4  hl=2 l=  16 cons: SEQUENCE
  146:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  151:d=5  hl=2 l=   9 prim: PRINTABLESTRING   :qiita.com
  162:d=2  hl=4 l= 290 cons: SEQUENCE
  166:d=3  hl=2 l=  13 cons: SEQUENCE
  168:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  179:d=4  hl=2 l=   0 prim: NULL
  181:d=3  hl=4 l= 271 prim: BIT STRING
  456:d=2  hl=4 l= 749 cons: cont [ 3 ]
  460:d=3  hl=4 l= 745 cons: SEQUENCE
  464:d=4  hl=2 l=  31 cons: SEQUENCE
  466:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  471:d=5  hl=2 l=  24 prim: OCTET STRING
      0000 - 30 16 80 14 81 b8 0e 63-8a 89 12 18 e5 fa 3b 3b   0......c......;;
      0010 - 50 95 9f e6 e5 90 13 85-                          P.......
  497:d=4  hl=2 l=  29 cons: SEQUENCE
  499:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  504:d=5  hl=2 l=  22 prim: OCTET STRING
      0000 - 04 14 d8 7d ce 74 d2 f7-46 3f 03 58 a6 27 d7 40   ...}.t..F?.X.'.@
      0010 - bc 83 8c ff 65 82                                 ....e.
  528:d=4  hl=2 l=  33 cons: SEQUENCE
  530:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  535:d=5  hl=2 l=  26 prim: OCTET STRING
      0000 - 30 18 82 09 71 69 69 74-61 2e 63 6f 6d 82 0b 2a   0...qiita.com..*
      0010 - 2e 71 69 69 74 61 2e 63-6f 6d                     .qiita.com
  563:d=4  hl=2 l=  14 cons: SEQUENCE
  565:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
  570:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  573:d=5  hl=2 l=   4 prim: OCTET STRING
      0000 - 03 02 05 a0                                       ....
  579:d=4  hl=2 l=  29 cons: SEQUENCE
  581:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
  586:d=5  hl=2 l=  22 prim: OCTET STRING
      0000 - 30 14 06 08 2b 06 01 05-05 07 03 01 06 08 2b 06   0...+.........+.
      0010 - 01 05 05 07 03 02                                 ......
  610:d=4  hl=2 l=  59 cons: SEQUENCE
  612:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  617:d=5  hl=2 l=  52 prim: OCTET STRING
      0000 - 30 32 30 30 a0 2e a0 2c-86 2a 68 74 74 70 3a 2f   0200...,.*http:/
      0010 - 2f 63 72 6c 2e 72 32 6d-30 31 2e 61 6d 61 7a 6f   /crl.r2m01.amazo
      0020 - 6e 74 72 75 73 74 2e 63-6f 6d 2f 72 32 6d 30 31   ntrust.com/r2m01
      0030 - 2e 63 72 6c                                       .crl
  671:d=4  hl=2 l=  19 cons: SEQUENCE
  673:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
  678:d=5  hl=2 l=  12 prim: OCTET STRING
      0000 - 30 0a 30 08 06 06 67 81-0c 01 02 01               0.0...g.....
  692:d=4  hl=2 l= 117 cons: SEQUENCE
  694:d=5  hl=2 l=   8 prim: OBJECT            :Authority Information Access
  704:d=5  hl=2 l= 105 prim: OCTET STRING
      0000 - 30 67 30 2d 06 08 2b 06-01 05 05 07 30 01 86 21   0g0-..+.....0..!
      0010 - 68 74 74 70 3a 2f 2f 6f-63 73 70 2e 72 32 6d 30   http://ocsp.r2m0
      0020 - 31 2e 61 6d 61 7a 6f 6e-74 72 75 73 74 2e 63 6f   1.amazontrust.co
      0030 - 6d 30 36 06 08 2b 06 01-05 05 07 30 02 86 2a 68   m06..+.....0..*h
      0040 - 74 74 70 3a 2f 2f 63 72-74 2e 72 32 6d 30 31 2e   ttp://crt.r2m01.
      0050 - 61 6d 61 7a 6f 6e 74 72-75 73 74 2e 63 6f 6d 2f   amazontrust.com/
      0060 - 72 32 6d 30 31 2e 63 65-72                        r2m01.cer
  811:d=4  hl=2 l=  12 cons: SEQUENCE
  813:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  818:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  821:d=5  hl=2 l=   2 prim: OCTET STRING
      0000 - 30 00                                             0.
  825:d=4  hl=4 l= 380 cons: SEQUENCE
  829:d=5  hl=2 l=  10 prim: OBJECT            :CT Precertificate SCTs
  841:d=5  hl=4 l= 364 prim: OCTET STRING
 1209:d=1  hl=2 l=  13 cons: SEQUENCE
 1211:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
 1222:d=2  hl=2 l=   0 prim: NULL
 1224:d=1  hl=4 l= 257 prim: BIT STRING

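Reading a certificate (displaying a DER file in ASN.1 format)

openssl asn1parse -dump -inform der -in certificate-DER-file-name.cer

Converting a certificate (PEM → DER file)

openssl x509 -in certificate-PEM-file-name.cer -outform der -out converted-certificate-DER-file-name.cer

Converting a certificate (DER → PEM file)

openssl x509 -inform der -in certificate-DER-file-name.cer -outform pem -out converted-certificate-PEM-file-name.cer

Connecting to a web server and retrieving its certificates

When the root certificate is specified with "-CAfile", the result no longer shows
"Verify return code: 20 (unable to get local issuer certificate)".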

openssl s_client -connect www1.example.com:443 -showcerts
openssl s_client -connect www1.example.com:443 -showcerts -CAfile C:\OpenSSL\RCA-PEM.cer

depth=1 is the intermediate CA certificate.
depth=0 is the TLS server certificate.

Command output
openssl s_client -connect www1.example.com:443 -showcerts
CONNECTED(000001B0)
depth=1 C = JP, ST = Tokyo, O = CA, CN = SCA01
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = JP, ST = Tokyo, O = CA, CN = *.example.com
verify return:1
---
Certificate chain
 0 s:C = JP, ST = Tokyo, O = CA, CN = *.example.com
   i:C = JP, ST = Tokyo, O = CA, CN = SCA01
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 27 02:00:39 2022 GMT; NotAfter: Aug 29 02:00:39 2024 GMT
 1 s:C = JP, ST = Tokyo, O = CA, CN = SCA01
   i:C = JP, ST = Tokyo, O = CA, CN = RCA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 27 01:57:18 2022 GMT; NotAfter: May 23 01:57:18 2037 GMT
---
Server certificate
subject=C = JP, ST = Tokyo, O = CA, CN = *.example.com
issuer=C = JP, ST = Tokyo, O = CA, CN = SCA01
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3411 bytes and written 402 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 7CCC1AE5343957964C9CF9E007A8755D488C8C9BF26F0E53B54B8E455DD07B34
    Session-ID-ctx:
    Resumption PSK: C61050CA4853E39F88DB182E706D814326C4C178A65563079B18E327E924A9F48CBA5F55E641B795338478B47E148D1D
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1656361261
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 21E0B3BF719EE05469583A317F4FC290229033678C53B7CA6EFDE67B6964C2E7
    Session-ID-ctx:
    Resumption PSK: B0CB7D04EBA1FCD379B9362AC23D6442067CA36C63ACDC12EAB71DC2AC359DDBF95F3BAC77006D58F1E7A0130B815378
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1656361261
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-s_client.html

Generating key pairs

RSA-2048, RSA-3072, RSA-4096, prime256v1, secp256k1, secp384r1

openssl genrsa 2048 > cert2048.key
openssl genrsa 3072 > cert3072.key
openssl genrsa 4096 > cert4096.key
openssl ecparam -name prime256v1 -genkey -out certprime256v1.key
openssl ecparam -name secp256k1 -genkey -out certecc256.key
openssl ecparam -name secp384r1 -genkey -out certecc384.key

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-genrsa.html
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ecparam.html

Displaying key pairs

openssl rsa -noout -text -in cert2048.key
openssl rsa -noout -text -in cert3072.key
openssl rsa -noout -text -in cert4096.key
openssl ec -text -in certprime256v1.key
openssl ec -text -in certecc256.key
openssl ec -text -in certecc384.key

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/rsa.html
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ec.html

Output of the RSA key pair display command

Name             Description                                         Type
modulus          Modulus n (n=pq)                                    Public Key
publicExponent   Public exponent e=65537                             Public Key
privateExponent  Private exponent d=e^(-1) mod (p-1)(q-1)            Private Key
prime1           Prime factor p of n                                 Private Key
prime2           Prime factor q of n                                 Private Key
exponent1        d mod (p-1)
exponent2        d mod (q-1)
coefficient      Chinese remainder theorem coefficient q^(-1) mod p
Command output
RSA Private-Key: (2048 bit, 2 primes)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:

Generating a CSR

openssl req -new -key cert2048.key -sha256 -out cert2048.csr
openssl req -new -key cert3072.key -sha256 -out cert3072.csr
openssl req -new -key cert4096.key -sha256 -out cert4096.csr
openssl req -new -key certecc256.key -sha256 -out certecc256.csr
openssl req -new -key certecc384.key -sha256 -out certecc384.csr

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/req.html

Displaying a CSR

openssl req -text -noout -in cert2048.csr
openssl req -text -noout -in cert3072.csr
openssl req -text -noout -in cert4096.csr
openssl req -text -noout -in certecc256.csr
openssl req -text -noout -in certecc384.csr

Issuing a self-signed certificate

Validity period: 10 years (365 days × 10 years + 2 days [leap years])

openssl x509 -days 3652 -in cert2048.csr -req -signkey cert2048.key -out cert2048.cer
openssl x509 -days 3652 -in cert3072.csr -req -signkey cert3072.key -out cert3072.cer
openssl x509 -days 3652 -in cert4096.csr -req -signkey cert4096.key -out cert4096.cer
openssl x509 -days 3652 -in certecc256.csr -req -signkey certecc256.key -out certecc256.cer
openssl x509 -days 3652 -in certecc384.csr -req -signkey certecc384.key -out certecc384.cer

Displaying a CRL

openssl crl -inform der -in fullcrl.crl -text -noout

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/crl.html

Generating a P12 file

openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key -out cert2048.p12

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/pkcs12.html

Generating a P12 file (including the intermediate CA certificate)

SubordinateCA.cer … intermediate CA certificate

openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key -certfile SubordinateCA.cer -out cert2048.p12

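Extracting the private key, certificate, and intermediate CA certificate from a P12 file

# Extract the certificate and the intermediate CA certificate (opening the output file as a text file shows the hierarchy)
openssl pkcs12 -in cert2048.p12 -nokeys -out cert2048-allout.cer
# Extract only the certificate
openssl pkcs12 -in cert2048.p12 -clcerts -nokeys -out cert2048-out.cer
# Extract only the intermediate CA certificate
openssl pkcs12 -in cert2048.p12 -cacerts -nokeys -out SubordinateCA-out.cer
# Extract only the private key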
openssl pkcs12 -in cert2048.p12 -nocerts -nodes -out cert2048-out.key
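
The key, CSR, self-signed certificate, PEM/DER conversion and P12 steps above can be checked against each other by comparing public-key hashes and certificate fingerprints. The script below is an added example, not part of the original page; it reuses the page's cert2048.* file names, while the subject, the pass phrase, other.key and the helper function names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original page). File names follow the page's
# cert2048.* convention; subject, pass phrase and other.key are constructed.
set -eu
umask 077   # the key extracted with -nodes is written unencrypted

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS=pass:constructed-demo-passphrase

# SHA-256 of the DER SubjectPublicKeyInfo for a PEM public key on stdin.
spki_hash() { openssl pkey -pubin -outform der | openssl dgst -sha256 | awk '{print $NF}'; }
key_spki()  { openssl pkey -in "$1" -pubout | spki_hash; }
csr_spki()  { openssl req -in "$1" -noout -pubkey | spki_hash; }
cert_spki() { openssl x509 -in "$1" -noout -pubkey | spki_hash; }

# SHA-256 fingerprint of a certificate; $2 is its encoding (pem or der).
cert_fp() { openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2; }

# Succeeds only when private key $1 belongs to certificate $2.
key_matches_cert() {
    k=$(key_spki "$1"); c=$(cert_spki "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

build_artifacts() (
    cd "$WORK"
    # Key pair, CSR and self-signed certificate, as in the sections above.
    openssl genrsa -out cert2048.key 2048 2>/dev/null
    openssl req -new -key cert2048.key -sha256 \
        -subj "/C=JP/ST=Tokyo/O=CA/CN=www1.example.com" -out cert2048.csr
    openssl x509 -days 3652 -in cert2048.csr -req -signkey cert2048.key \
        -out cert2048.cer 2>/dev/null
    # PEM -> DER -> PEM round trip.
    openssl x509 -in cert2048.cer -outform der -out cert2048-der.cer
    openssl x509 -inform der -in cert2048-der.cer -outform pem -out cert2048-pem.cer
    # P12 export, then extraction of the certificate and the private key.
    openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key \
        -passout "$PASS" -out cert2048.p12
    openssl pkcs12 -in cert2048.p12 -passin "$PASS" -clcerts -nokeys \
        -out cert2048-out.cer 2>/dev/null
    openssl pkcs12 -in cert2048.p12 -passin "$PASS" -nocerts -nodes \
        -out cert2048-out.key 2>/dev/null
    # An unrelated key, to show what a mismatch looks like.
    openssl genrsa -out other.key 2048 2>/dev/null
)

build_artifacts
for f in cert2048.key cert2048-out.key other.key; do
    if key_matches_cert "$WORK/$f" "$WORK/cert2048.cer"; then r=match; else r=MISMATCH; fi
    echo "$f vs cert2048.cer: $r"
done
echo "CSR public key hash : $(csr_spki "$WORK/cert2048.csr")"
echo "cert public key hash: $(cert_spki "$WORK/cert2048.cer")"
echo "PEM fingerprint     : $(cert_fp "$WORK/cert2048.cer" pem)"
echo "DER fingerprint     : $(cert_fp "$WORK/cert2048-der.cer" der)"
echo "P12 fingerprint     : $(cert_fp "$WORK/cert2048-out.cer" pem)"
```
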

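Verifying a certificate

RootAndSubordinateCA.cer … a PEM file in which the root certificate and the intermediate CA certificate are concatenated

# Verify the certificate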
openssl verify -CAfile RootAndSubordinateCA.cer cert2048.cer

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-verify.html
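
The effect of the -CAfile contents on verification, including the "error 20 (unable to get local issuer certificate)" seen in the s_client section, can be reproduced offline. The script below is an added example, not part of the original page; it builds a constructed RCA -> SCA01 -> server chain under the page's file names (RCA-PEM.cer, SubordinateCA.cer, RootAndSubordinateCA.cer, cert2048.cer), and the helper functions, extension files and serial numbers are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original page): a constructed test PKI,
# RCA -> SCA01 -> server, using the subject names from the s_client output.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# issue NAME SUBJECT EXTFILE SERIAL SIGNER-OPTIONS...
# Generates NAME.key and NAME.csr, then signs NAME.cer with the given signer
# (-signkey for the self-signed root, -CA/-CAkey for everything below it).
issue() {
    name=$1; subj=$2; ext=$3; serial=$4; shift 4
    openssl genrsa -out "$WORK/$name.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/$name.key" -sha256 -subj "$subj" \
        -out "$WORK/$name.csr"
    openssl x509 -req -days 3652 -sha256 -in "$WORK/$name.csr" \
        -extfile "$WORK/$ext" -set_serial "$serial" "$@" \
        -out "$WORK/$name.cer" 2>/dev/null
}

build_pki() {
    printf '%s\n' 'basicConstraints = critical, CA:TRUE' \
        'keyUsage = critical, keyCertSign, cRLSign' > "$WORK/ca.ext"
    printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
        'keyUsage = critical, digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth' \
        'subjectAltName = DNS:www1.example.com' > "$WORK/server.ext"
    issue RCA-PEM "/C=JP/ST=Tokyo/O=CA/CN=RCA" ca.ext 1 \
        -signkey "$WORK/RCA-PEM.key"
    issue SubordinateCA "/C=JP/ST=Tokyo/O=CA/CN=SCA01" ca.ext 2 \
        -CA "$WORK/RCA-PEM.cer" -CAkey "$WORK/RCA-PEM.key"
    issue cert2048 "/C=JP/ST=Tokyo/O=CA/CN=www1.example.com" server.ext 3 \
        -CA "$WORK/SubordinateCA.cer" -CAkey "$WORK/SubordinateCA.key"
    # Root first, then intermediate, concatenated into one PEM file.
    cat "$WORK/RCA-PEM.cer" "$WORK/SubordinateCA.cer" \
        > "$WORK/RootAndSubordinateCA.cer"
}

# Runs "openssl verify" with the given arguments. Prints "0" on success,
# otherwise "<error>@<depth>" for the first verification error reported.
verify_code() {
    if out=$(openssl verify "$@" 2>&1); then
        echo 0
    else
        printf '%s\n' "$out" |
            sed -n 's/^error \([0-9][0-9]*\) at \([0-9][0-9]*\) depth lookup.*/\1@\2/p' |
            head -n 1
    fi
}

build_pki
leaf="$WORK/cert2048.cer"
# The page's command: root and intermediate both in -CAfile.
echo "root+intermediate in -CAfile      : $(verify_code -CAfile "$WORK/RootAndSubordinateCA.cer" "$leaf")"
# Intermediate missing: the issuer of the leaf (depth 0) cannot be found.
echo "root only in -CAfile              : $(verify_code -CAfile "$WORK/RCA-PEM.cer" "$leaf")"
# Intermediate supplied but root not trusted: same failure as the s_client
# run without -CAfile, reported at depth 1.
echo "intermediate only, root untrusted : $(verify_code -untrusted "$WORK/SubordinateCA.cer" "$leaf")"
# Only the root is a trust anchor; the intermediate is passed as untrusted.
echo "root trusted, -untrusted interm.  : $(verify_code -CAfile "$WORK/RCA-PEM.cer" -untrusted "$WORK/SubordinateCA.cer" "$leaf")"
```
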

Querying an OCSP responder

OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ocsp.html

[Reference]
OCSP Status Checker
Paste a PEM file and the OCSP result is displayed.

Explanation of the OCSP model
https://www.ipa.go.jp/security/pki/043.html

Querying from certificate files

openssl ocsp -sha1 -no_nonce -CAfile [root certificate PEM file name.cer] -issuer [intermediate CA certificate PEM file name.cer] -cert [TLS server certificate PEM file name.cer] -url [OCSP responder URL starting with HTTP]

Changing "-sha1" to "-sha256" makes the Hash Algorithm of the Certificate ID SHA256.

Execution result
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 793C84590DB75B740B4C302271956226A68E3487
          Issuer Key Hash: 99451855A2DE5A1DD5A47625B4C33D5671FD9D3E
          Serial Number: 73FF7B6E99E146F8674BDB72C65319E5F43A4085
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = JP, ST = Tokyo, O = CA, CN = SCA01
    Produced At: Jun  9 22:50:29 2022 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 793C84590DB75B740B4C302271956226A68E3487
      Issuer Key Hash: 99451855A2DE5A1DD5A47625B4C33D5671FD9D3E
      Serial Number: 73FF7B6E99E146F8674BDB72C65319E5F43A4085
    Cert Status: revoked
    Revocation Time: May 27 23:26:27 2022 GMT
    Revocation Reason: superseded (0x4)
    This Update: Jun  9 22:50:29 2022 GMT
    Next Update: Jun 16 22:50:29 2022 GMT

    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:5a:5a:dc:0f:03:a5:dc:3a:54:30:1f:14:39:c5:de:e9:18:c3:2d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=JP, ST=Tokyo, O=CA, CN=RCA
        Validity
            Not Before: May 27 01:57:18 2022 GMT
            Not After : May 23 01:57:18 2037 GMT
        Subject: C=JP, ST=Tokyo, O=CA, CN=SCA01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:ce:c0:ea:15:84:2f:f1:90:db:52:2d:2b:19:56:
                    9e:ef:bd:bb:e9:54:18:17:9e:f9:de:57:d5:2d:48:
                    21:64:4f:cd:0f:62:c2:45:81:52:fb:22:71:84:39:
                    e6:62:47:d2:05:73:4e:87:a1:bc:4c:de:83:b0:7f:
                    97:0b:ec:4b:43:15:e6:d0:ba:b5:b7:92:8a:e5:ca:
                    5c:f1:52:b1:3d:4b:b4:f4:91:e4:a8:47:e3:9b:17:
                    0f:ca:51:72:40:10:1c:1d:6f:fe:d9:a2:0d:0c:c6:
                    8d:1f:7c:6b:98:d4:4d:2d:36:48:bc:1c:62:b3:fa:
                    4f:cf:2c:af:6c:bd:1d:27:08:04:49:76:1c:06:e6:
                    cb:4e:df:21:7d:5f:ed:2c:de:91:f6:7a:4c:3b:06:
                    55:3c:90:1a:d1:3f:44:4e:23:31:9b:5a:41:46:af:
                    87:a2:7c:bb:bf:df:64:f1:e8:32:b8:82:99:3e:61:
                    85:17:87:9b:4c:30:fd:16:47:f0:49:ed:50:d9:71:
                    c2:5d:05:4d:4a:f8:27:f4:73:e8:49:23:9f:9e:a6:
                    d0:49:7c:bf:48:91:82:7d:cc:1b:49:db:31:65:e7:
                    2a:71:c3:f8:97:0a:3a:7c:cd:c1:06:0f:1a:25:a2:
                    1a:44:26:ac:6e:e3:71:d4:43:bf:0a:6f:87:55:40:
                    dc:15:c1:b5:e0:0c:67:0a:21:db:c4:af:04:52:b4:
                    5f:80:41:e7:fc:7a:d9:e9:ac:57:fc:59:47:62:68:
                    0e:ca:53:89:55:8b:80:ac:30:af:c8:4d:9e:6c:e1:
                    4f:7f:ed:ce:d0:51:c8:f7:d1:06:ca:cc:be:c0:a2:
                    17:fb:9c:ae:f7:92:53:a3:80:e3:fe:2a:6f:52:16:
                    f8:83:50:53:3e:f2:4e:86:f6:7a:6f:3e:09:4d:56:
                    73:a4:af:c9:a7:b2:97:21:34:84:f0:72:e4:41:dd:
                    4a:cb:61:9d:28:ab:bc:58:1b:77:7e:db:68:e1:a3:
                    c6:a8:8e:c0:14:8f:2a:0d:06:f6:1e:8c:5b:79:a7:
                    c9:86:a5:3b:60:8e:ea:7d:15:1c:e9:a2:68:52:b7:
                    28:2a:16:72:db:78:75:cb:d7:ad:50:7f:8e:11:a9:
                    d9:f4:9a:fb:95:07:f1:ba:36:8f:fe:17:34:eb:b3:
                    00:af:d5:c6:f0:87:a5:39:9a:7a:ac:9c:ba:34:9e:
                    83:c7:30:d5:d7:d1:f1:ef:b4:d0:18:b5:54:19:95:
                    c3:95:e5:a2:66:39:df:2f:c4:f3:ae:fe:02:84:b9:
                    c2:9b:a0:18:27:71:59:6e:56:54:8f:9b:ff:d7:cb:
                    d1:78:d7:bc:ad:08:57:86:89:65:2b:fe:e2:62:bf:
                    95:90:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                99:45:18:55:A2:DE:5A:1D:D5:A4:76:25:B4:C3:3D:56:71:FD:9D:3E
            X509v3 Authority Key Identifier: 
                keyid:37:3E:1B:49:3C:AE:71:72:21:3E:0F:57:A9:72:B9:36:7D:00:EE:BE

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://www1.example.com/RCAcrl.crl

            Authority Information Access: 
                CA Issuers - URI:http://www1.example.com/RCA.crt

    Signature Algorithm: sha256WithRSAEncryption
         59:dc:21:53:bd:40:fa:df:a6:b6:9d:76:51:dd:09:52:13:6a:
         34:34:55:31:e5:0d:76:2b:2c:eb:e3:c3:dc:a3:86:1d:38:6d:
         fc:c6:43:8e:18:b2:11:b2:ed:ea:72:65:e0:e8:7d:41:9d:f5:
         be:71:d1:e8:cc:d5:f5:87:6b:e5:c2:d7:57:b0:23:e8:61:94:
         3f:63:db:7c:86:08:ae:87:5a:95:c6:5a:60:bd:41:ae:3e:99:
         3a:5e:aa:d1:ac:7c:86:67:0b:a4:2b:a3:49:0a:d0:2f:2f:37:
         a2:30:7f:49:c8:96:f4:92:96:b8:0f:eb:6f:e3:65:de:82:f3:
         27:87:73:d0:1f:b9:aa:47:65:9f:a0:09:fe:9b:91:d6:4a:dc:
         76:6e:25:3f:52:4c:d6:6b:08:0a:84:26:6e:6f:65:81:ef:0b:
         71:34:4f:0a:62:86:66:99:59:0a:fd:87:e8:42:a7:ac:2d:dc:
         ec:4a:b2:26:6b:7d:74:da:95:fa:ea:da:13:b7:ae:f5:c6:08:
         ca:86:3d:c3:e8:31:eb:c8:af:f0:d8:1a:31:88:32:8a:22:7a:
         27:04:44:6c:af:6c:8b:bb:cb:f0:15:fe:a1:59:51:c9:0c:6c:
         46:ba:2a:26:d3:0a:c9:d8:63:14:97:ad:67:03:f7:0a:13:8f:
         28:6e:12:ab:64:56:55:7e:52:44:3c:cc:4a:8e:45:61:56:ce:
         0b:fe:16:70:a4:38:6d:c4:5b:14:5c:24:3d:66:57:e0:67:14:
         44:64:a9:4c:d6:ad:a3:ef:a8:aa:0a:02:c1:41:0b:09:6a:0f:
         2e:a9:5e:8c:cc:26:1e:0d:58:1a:2e:8e:8a:83:3c:57:32:5e:
         5f:f4:d4:4e:ca:57:32:dc:36:52:52:0f:d5:01:aa:8b:ef:a5:
         fa:41:d0:ed:96:55:c0:e6:c2:4c:8b:a5:31:be:57:4a:da:89:
         62:66:9a:02:00:c1:74:c8:5a:b0:6b:4e:03:81:0c:34:76:a8:
         de:27:ef:03:0e:51:73:af:0c:dd:1e:0a:5f:e2:14:1a:7a:36:
         ba:0e:61:dc:90:48:a9:38:e9:f4:5a:4b:c7:87:1b:9f:e5:33:
         84:df:bd:2d:9d:15:51:4a:11:f8:9f:3b:be:a4:5b:cf:5f:8f:
         02:2f:05:eb:63:d6:17:2e:c6:49:ee:7a:e0:5e:26:97:75:0e:
         5c:59:7d:a2:27:5a:c2:a2:4c:3d:0c:3d:ce:1d:34:95:51:39:
         47:bf:53:2d:0b:cc:8d:49:4f:68:eb:5f:ce:6c:f1:15:46:17:
         32:f5:3c:ff:da:d7:06:6f:c6:ae:ce:17:9e:09:62:07:3a:55:
         c2:c4:20:be:d1:e8:c2:28
Response verify OK
0x73ff7b6e99e146f8674bdb72c65319e5f43a4085: revoked
	This Update: Jun  9 22:50:29 2022 GMT
	Next Update: Jun 16 22:50:29 2022 GMT
	Reason: superseded
	Revocation Time: May 27 23:26:27 2022 GMT

Query by serial number

openssl ocsp -sha1 -no_nonce -CAfile [root certificate PEM file name.cer] -issuer [intermediate CA certificate PEM file name.cer] -serial [serial number] -url [OCSP responder URL starting with http]

When written in hexadecimal, [serial number] looks like this:
0x73ff7b6e99e146f8674bdb72c65319e5f43a4085
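The following Python sketch is an added example, not part of the original page. It converts the serial formats printed by `openssl x509` into the `0x...` form that `-serial` expects, then reads the status lines of the command output and accepts the result only if the response signature verified and the current time falls between This Update and Next Update. The function names `to_ocsp_serial` and `evaluate` are hypothetical, and the sample text is constructed from the output shown above.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the trailing status lines of the openssl ocsp output above,
# captured with stdout and stderr combined (the verify line is printed on stderr).
SAMPLE_OUTPUT = (
    "Response verify OK\n"
    "0x73ff7b6e99e146f8674bdb72c65319e5f43a4085: revoked\n"
    "\tThis Update: Jun  9 22:50:29 2022 GMT\n"
    "\tNext Update: Jun 16 22:50:29 2022 GMT\n"
    "\tReason: superseded\n"
    "\tRevocation Time: May 27 23:26:27 2022 GMT\n"
)

def to_ocsp_serial(text):
    """Normalize a serial to the 0x... form for `openssl ocsp -serial`.

    Accepts 'serial=73FF...' (openssl x509 -serial), colon-separated hex
    (openssl x509 -text) or an existing 0x value. Bare digits are rejected
    because -serial reads a value without the 0x prefix as decimal.
    """
    s = text.strip()
    if s.lower().startswith("serial="):
        s = s[7:]
    elif s.lower().startswith("0x"):
        s = s[2:]
    elif ":" not in s:
        raise ValueError("ambiguous serial: add 0x or use the serial=/colon form")
    s = s.replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", s):
        raise ValueError("not a hexadecimal serial")
    return "0x" + s

def _parse_time(value):
    # OpenSSL prints times as 'Jun  9 22:50:29 2022 GMT' (day is space padded).
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def evaluate(output, serial, now):
    """Return (status, usable) for one serial from `openssl ocsp` text output."""
    m = re.search(r"^%s: (good|revoked|unknown)$" % re.escape(serial), output, re.M)
    if m is None:
        raise ValueError("no status line for " + serial)
    fields = dict(re.findall(r"^\s+([A-Za-z ]+): (.+)$", output[m.end():], re.M))
    verified = re.search(r"^Response verify OK$", output, re.M) is not None
    # With -no_nonce a replayed response looks identical to a new one, so the
    # This Update / Next Update window is the only freshness signal available.
    fresh = ("Next Update" in fields and
             _parse_time(fields["This Update"]) <= now <= _parse_time(fields["Next Update"]))
    return m.group(1), verified and fresh
```

Pass `datetime.now(timezone.utc)` as `now` when checking live output; a status whose second element is `False` should be re-queried instead of trusted.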
