インストール
OpenSSLインストール手順(Windows 11)を参考にインストール設定する。
コマンド
「C:\OpenSSL」をWorkフォルダーとする。
cd C:\OpenSSL証明書読み込み(PEMファイル)
openssl x509 -text -in 証明書PEMファイル名.cerコマンド結果
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:ab:87:bf:37:6d:84:f3:8e:43:91:1b:25:3a:37:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Amazon, CN = Amazon RSA 2048 M01
Validity
Not Before: Feb 10 00:00:00 2023 GMT
Not After : Jan 2 23:59:59 2024 GMT
Subject: CN = qiita.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:6a:95:e7:31:dc:1c:5c:b7:0d:1c:b2:2b:9c:
97:f9:a5:28:6f:58:63:17:ea:68:ce:62:cb:95:83:
38:3e:09:83:83:fb:0a:48:53:9c:b3:01:e8:de:56:
e2:b6:d7:8d:14:cd:fc:1a:17:d5:35:88:c7:bf:ae:
56:b3:3d:50:83:89:88:e4:c9:42:3b:3f:3f:ff:a7:
83:16:6b:2b:45:07:be:ff:c9:90:fe:63:fa:ed:a1:
ed:19:be:36:c1:f4:f8:28:6d:c9:fb:7d:64:a3:9a:
32:a1:d3:63:3d:35:6e:d1:7a:72:6e:77:a2:84:d6:
c1:5f:ac:1a:0a:98:ea:2f:e8:2e:fb:cb:33:45:60:
35:e4:96:95:1a:d9:ca:35:1f:d9:32:40:33:34:03:
63:0f:b3:30:07:5e:57:83:46:a2:a0:8a:58:21:18:
4a:32:15:6a:62:a4:a5:5b:89:e9:54:f8:ec:b2:06:
f1:7f:ab:4e:86:2c:48:c0:22:9e:d3:51:60:fc:a4:
c3:e0:46:37:61:da:48:11:e1:2e:bf:cd:ae:1c:f8:
97:74:8f:26:75:64:65:dc:b9:bb:d0:93:d2:74:58:
a8:4e:fe:e1:af:f8:83:78:92:fe:68:ff:28:a3:d0:
81:77:47:a7:75:2c:a9:b6:46:ed:7e:5b:d7:1b:21:
bc:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
81:B8:0E:63:8A:89:12:18:E5:FA:3B:3B:50:95:9F:E6:E5:90:13:85
X509v3 Subject Key Identifier:
D8:7D:CE:74:D2:F7:46:3F:03:58:A6:27:D7:40:BC:83:8C:FF:65:82
X509v3 Subject Alternative Name:
DNS:qiita.com, DNS:*.qiita.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.r2m01.amazontrust.com/r2m01.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Authority Information Access:
OCSP - URI:http://ocsp.r2m01.amazontrust.com
CA Issuers - URI:http://crt.r2m01.amazontrust.com/r2m01.cer
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Feb 10 01:54:34.710 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:55:C4:F8:87:7E:DA:3C:D8:EF:2D:A6:7B:
13:8D:FE:06:FD:3C:EB:71:2E:C6:E2:D6:0E:26:81:67:
44:0D:2F:47:02:20:06:67:5D:AC:16:19:D6:2E:B4:15:
37:E6:33:FD:D6:88:48:E9:40:3B:D2:76:6F:F6:C8:6B:
C9:AB:9D:78:E1:CD
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 10 01:54:34.810 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:68:F0:B9:CC:EC:03:A6:15:06:07:2D:74:
55:7E:76:2D:28:13:39:D9:52:A6:4A:61:CD:22:3B:0D:
F7:91:17:5A:02:20:24:C1:DD:02:0A:62:0B:AE:02:63:
11:A2:69:CF:6E:AA:A8:50:52:F6:B9:CC:F3:0B:F5:9B:
95:A2:6F:3B:B5:AA
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 10 01:54:34.763 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:9E:94:AA:24:31:2F:CC:19:DE:DB:71:
A2:54:25:48:2D:16:80:5D:C9:E4:09:FD:CE:28:F1:38:
E7:67:CE:F3:1B:02:20:29:5C:01:5E:7B:6C:4E:ED:83:
CB:03:7A:EA:1C:C7:C5:36:D0:F2:28:D2:20:30:90:EA:
35:98:B9:C4:26:AF:19
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
8a:70:c3:7a:9c:72:15:bb:42:f5:20:9c:35:0b:d6:c3:f2:4d:
93:ce:b8:6e:9a:79:0f:17:c0:85:1c:80:7a:ff:dc:12:4f:8a:
5a:e6:9e:43:1e:de:a0:bd:f1:8f:92:c4:e8:7f:3c:5d:7d:53:
00:d1:5c:9d:cc:43:0c:82:be:88:fd:43:d5:ad:83:b9:a8:54:
12:c3:98:55:b4:b0:28:38:0d:8d:83:a2:53:7c:8a:23:10:94:
94:04:1b:47:bc:48:86:0e:6b:3c:81:a8:46:29:f7:d6:d3:b7:
b2:9f:6f:a0:e4:d9:3a:df:28:0a:e8:f5:f1:c3:30:aa:08:d6:
5c:40:b7:39:c8:61:60:8e:e8:82:88:35:fa:93:58:34:47:32:
86:e8:d2:cb:cd:19:36:15:cd:36:0d:84:4f:e1:83:94:5e:4b:
ec:8f:8c:51:a6:b6:0b:44:60:5c:e2:5d:14:a4:48:b6:47:2c:
b1:81:fd:3a:ce:99:0c:00:d8:08:22:23:31:a0:16:4a:1b:77:
73:72:cf:ce:95:ac:87:ae:fd:75:23:2e:20:2a:a4:62:3c:3e:
91:69:c7:c9:99:3b:20:5a:01:c9:29:0a:5a:5f:91:f0:0a:f0:
d6:f0:8f:9f:b8:48:b8:24:dd:57:c8:95:88:5d:23:c2:ec:23:
7f:f3:1b:9d
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgIQDauHvzdthPOOQ5EbJTo3dzANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDIxMDAwMDAwMFoXDTI0MDEwMjIzNTk1OVowFDES
MBAGA1UEAxMJcWlpdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvGqV5zHcHFy3DRyyK5yX+aUob1hjF+pozmLLlYM4PgmDg/sKSFOcswHo3lbi
tteNFM38GhfVNYjHv65Wsz1Qg4mI5MlCOz8//6eDFmsrRQe+/8mQ/mP67aHtGb42
wfT4KG3J+31ko5oyodNjPTVu0XpybneihNbBX6waCpjqL+gu+8szRWA15JaVGtnK
NR/ZMkAzNANjD7MwB15Xg0aioIpYIRhKMhVqYqSlW4npVPjssgbxf6tOhixIwCKe
01Fg/KTD4EY3YdpIEeEuv82uHPiXdI8mdWRl3Lm70JPSdFioTv7hr/iDeJL+aP8o
o9CBd0endSyptkbtflvXGyG8WwIDAQABo4IC7TCCAukwHwYDVR0jBBgwFoAUgbgO
Y4qJEhjl+js7UJWf5uWQE4UwHQYDVR0OBBYEFNh9znTS90Y/A1imJ9dAvIOM/2WC
MCEGA1UdEQQaMBiCCXFpaXRhLmNvbYILKi5xaWl0YS5jb20wDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCg
LqAshipodHRwOi8vY3JsLnIybTAxLmFtYXpvbnRydXN0LmNvbS9yMm0wMS5jcmww
EwYDVR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzAB
hiFodHRwOi8vb2NzcC5yMm0wMS5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKG
Kmh0dHA6Ly9jcnQucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNlcjAMBgNV
HRMBAf8EAjAAMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDuzdBk1dsazsVc
t520zROiModGfLzs3sNRSFlGcR+1mwAAAYY5CA5WAAAEAwBGMEQCIFXE+Id+2jzY
7y2mexON/gb9POtxLsbi1g4mgWdEDS9HAiAGZ12sFhnWLrQVN+Yz/daISOlAO9J2
b/bIa8mrnXjhzQB1AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAAB
hjkIDroAAAQDAEYwRAIgaPC5zOwDphUGBy10VX52LSgTOdlSpkphzSI7DfeRF1oC
ICTB3QIKYguuAmMRomnPbqqoUFL2uczzC/WblaJvO7WqAHYASLDja9qmRzQP5WoC
+p0w6xxSActW3SyB2bu/qznYhHMAAAGGOQgOiwAABAMARzBFAiEAnpSqJDEvzBne
23GiVCVILRaAXcnkCf3OKPE452fO8xsCIClcAV57bE7tg8sDeuocx8U20PIo0iAw
kOo1mLnEJq8ZMA0GCSqGSIb3DQEBCwUAA4IBAQCKcMN6nHIVu0L1IJw1C9bD8k2T
zrhumnkPF8CFHIB6/9wST4pa5p5DHt6gvfGPksTofzxdfVMA0VydzEMMgr6I/UPV
rYO5qFQSw5hVtLAoOA2Ng6JTfIojEJSUBBtHvEiGDms8gahGKffW07eyn2+g5Nk6
3ygK6PXxwzCqCNZcQLc5yGFgjuiCiDX6k1g0RzKG6NLLzRk2Fc02DYRP4YOUXkvs
j4xRprYLRGBc4l0UpEi2Ryyxgf06zpkMANgIIiMxoBZKG3dzcs/OlayHrv11Iy4g
KqRiPD6RacfJmTsgWgHJKQpaX5HwCvDW8I+fuEi4JN1XyJWIXSPC7CN/8xud
-----END CERTIFICATE-----証明書読み込み(DERファイル)
openssl x509 -text -inform der -in 証明書DERファイル名.cer証明書読み込み(PEMファイルをASN.1形式で表示)
openssl asn1parse -dump -inform pem -in 証明書PEMファイル名.cerコマンド結果
0:d=0 hl=4 l=1481 cons: SEQUENCE
4:d=1 hl=4 l=1201 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 16 prim: INTEGER :0DAB87BF376D84F38E43911B253A3777
31:d=2 hl=2 l= 13 cons: SEQUENCE
33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
44:d=3 hl=2 l= 0 prim: NULL
46:d=2 hl=2 l= 60 cons: SEQUENCE
48:d=3 hl=2 l= 11 cons: SET
50:d=4 hl=2 l= 9 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :countryName
57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
61:d=3 hl=2 l= 15 cons: SET
63:d=4 hl=2 l= 13 cons: SEQUENCE
65:d=5 hl=2 l= 3 prim: OBJECT :organizationName
70:d=5 hl=2 l= 6 prim: PRINTABLESTRING :Amazon
78:d=3 hl=2 l= 28 cons: SET
80:d=4 hl=2 l= 26 cons: SEQUENCE
82:d=5 hl=2 l= 3 prim: OBJECT :commonName
87:d=5 hl=2 l= 19 prim: PRINTABLESTRING :Amazon RSA 2048 M01
108:d=2 hl=2 l= 30 cons: SEQUENCE
110:d=3 hl=2 l= 13 prim: UTCTIME :230210000000Z
125:d=3 hl=2 l= 13 prim: UTCTIME :240102235959Z
140:d=2 hl=2 l= 20 cons: SEQUENCE
142:d=3 hl=2 l= 18 cons: SET
144:d=4 hl=2 l= 16 cons: SEQUENCE
146:d=5 hl=2 l= 3 prim: OBJECT :commonName
151:d=5 hl=2 l= 9 prim: PRINTABLESTRING :qiita.com
162:d=2 hl=4 l= 290 cons: SEQUENCE
166:d=3 hl=2 l= 13 cons: SEQUENCE
168:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
179:d=4 hl=2 l= 0 prim: NULL
181:d=3 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 bc 6a 95 e7 31 dc .0.........j..1.
0010 - 1c 5c b7 0d 1c b2 2b 9c-97 f9 a5 28 6f 58 63 17 .\....+....(oXc.
0020 - ea 68 ce 62 cb 95 83 38-3e 09 83 83 fb 0a 48 53 .h.b...8>.....HS
0030 - 9c b3 01 e8 de 56 e2 b6-d7 8d 14 cd fc 1a 17 d5 .....V..........
0040 - 35 88 c7 bf ae 56 b3 3d-50 83 89 88 e4 c9 42 3b 5....V.=P.....B;
0050 - 3f 3f ff a7 83 16 6b 2b-45 07 be ff c9 90 fe 63 ??....k+E......c
0060 - fa ed a1 ed 19 be 36 c1-f4 f8 28 6d c9 fb 7d 64 ......6...(m..}d
0070 - a3 9a 32 a1 d3 63 3d 35-6e d1 7a 72 6e 77 a2 84 ..2..c=5n.zrnw..
0080 - d6 c1 5f ac 1a 0a 98 ea-2f e8 2e fb cb 33 45 60 .._...../....3E`
0090 - 35 e4 96 95 1a d9 ca 35-1f d9 32 40 33 34 03 63 5......5..2@34.c
00a0 - 0f b3 30 07 5e 57 83 46-a2 a0 8a 58 21 18 4a 32 ..0.^W.F...X!.J2
00b0 - 15 6a 62 a4 a5 5b 89 e9-54 f8 ec b2 06 f1 7f ab .jb..[..T.......
00c0 - 4e 86 2c 48 c0 22 9e d3-51 60 fc a4 c3 e0 46 37 N.,H."..Q`....F7
00d0 - 61 da 48 11 e1 2e bf cd-ae 1c f8 97 74 8f 26 75 a.H.........t.&u
00e0 - 64 65 dc b9 bb d0 93 d2-74 58 a8 4e fe e1 af f8 de......tX.N....
00f0 - 83 78 92 fe 68 ff 28 a3-d0 81 77 47 a7 75 2c a9 .x..h.(...wG.u,.
0100 - b6 46 ed 7e 5b d7 1b 21-bc 5b 02 03 01 00 01 .F.~[..!.[.....
456:d=2 hl=4 l= 749 cons: cont [ 3 ]
460:d=3 hl=4 l= 745 cons: SEQUENCE
464:d=4 hl=2 l= 31 cons: SEQUENCE
466:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
471:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 80 14 81 b8 0e 63-8a 89 12 18 e5 fa 3b 3b 0......c......;;
0010 - 50 95 9f e6 e5 90 13 85- P.......
497:d=4 hl=2 l= 29 cons: SEQUENCE
499:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
504:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 04 14 d8 7d ce 74 d2 f7-46 3f 03 58 a6 27 d7 40 ...}.t..F?.X.'.@
0010 - bc 83 8c ff 65 82 ....e.
528:d=4 hl=2 l= 33 cons: SEQUENCE
530:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
535:d=5 hl=2 l= 26 prim: OCTET STRING
0000 - 30 18 82 09 71 69 69 74-61 2e 63 6f 6d 82 0b 2a 0...qiita.com..*
0010 - 2e 71 69 69 74 61 2e 63-6f 6d .qiita.com
563:d=4 hl=2 l= 14 cons: SEQUENCE
565:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
570:d=5 hl=2 l= 1 prim: BOOLEAN :255
573:d=5 hl=2 l= 4 prim: OCTET STRING
0000 - 03 02 05 a0 ....
579:d=4 hl=2 l= 29 cons: SEQUENCE
581:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
586:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 30 14 06 08 2b 06 01 05-05 07 03 01 06 08 2b 06 0...+.........+.
0010 - 01 05 05 07 03 02 ......
610:d=4 hl=2 l= 59 cons: SEQUENCE
612:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
617:d=5 hl=2 l= 52 prim: OCTET STRING
0000 - 30 32 30 30 a0 2e a0 2c-86 2a 68 74 74 70 3a 2f 0200...,.*http:/
0010 - 2f 63 72 6c 2e 72 32 6d-30 31 2e 61 6d 61 7a 6f /crl.r2m01.amazo
0020 - 6e 74 72 75 73 74 2e 63-6f 6d 2f 72 32 6d 30 31 ntrust.com/r2m01
0030 - 2e 63 72 6c .crl
671:d=4 hl=2 l= 19 cons: SEQUENCE
673:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
678:d=5 hl=2 l= 12 prim: OCTET STRING
0000 - 30 0a 30 08 06 06 67 81-0c 01 02 01 0.0...g.....
692:d=4 hl=2 l= 117 cons: SEQUENCE
694:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
704:d=5 hl=2 l= 105 prim: OCTET STRING
0000 - 30 67 30 2d 06 08 2b 06-01 05 05 07 30 01 86 21 0g0-..+.....0..!
0010 - 68 74 74 70 3a 2f 2f 6f-63 73 70 2e 72 32 6d 30 http://ocsp.r2m0
0020 - 31 2e 61 6d 61 7a 6f 6e-74 72 75 73 74 2e 63 6f 1.amazontrust.co
0030 - 6d 30 36 06 08 2b 06 01-05 05 07 30 02 86 2a 68 m06..+.....0..*h
0040 - 74 74 70 3a 2f 2f 63 72-74 2e 72 32 6d 30 31 2e ttp://crt.r2m01.
0050 - 61 6d 61 7a 6f 6e 74 72-75 73 74 2e 63 6f 6d 2f amazontrust.com/
0060 - 72 32 6d 30 31 2e 63 65-72 r2m01.cer
811:d=4 hl=2 l= 12 cons: SEQUENCE
813:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
818:d=5 hl=2 l= 1 prim: BOOLEAN :255
821:d=5 hl=2 l= 2 prim: OCTET STRING
0000 - 30 00 0.
825:d=4 hl=4 l= 380 cons: SEQUENCE
829:d=5 hl=2 l= 10 prim: OBJECT :CT Precertificate SCTs
841:d=5 hl=4 l= 364 prim: OCTET STRING
0000 - 04 82 01 68 01 66 00 75-00 ee cd d0 64 d5 db 1a ...h.f.u....d...
0010 - ce c5 5c b7 9d b4 cd 13-a2 32 87 46 7c bc ec de ..\......2.F|...
0020 - c3 51 48 59 46 71 1f b5-9b 00 00 01 86 39 08 0e .QHYFq.......9..
0030 - 56 00 00 04 03 00 46 30-44 02 20 55 c4 f8 87 7e V.....F0D. U...~
0040 - da 3c d8 ef 2d a6 7b 13-8d fe 06 fd 3c eb 71 2e .<..-.{.....<.q.
0050 - c6 e2 d6 0e 26 81 67 44-0d 2f 47 02 20 06 67 5d ....&.gD./G. .g]
0060 - ac 16 19 d6 2e b4 15 37-e6 33 fd d6 88 48 e9 40 .......7.3...H.@
0070 - 3b d2 76 6f f6 c8 6b c9-ab 9d 78 e1 cd 00 75 00 ;.vo..k...x...u.
0080 - 73 d9 9e 89 1b 4c 96 78-a0 20 7d 47 9d e6 b2 c6 s....L.x. }G....
0090 - 1c d0 51 5e 71 19 2a 8c-6b 80 10 7a c1 77 72 b5 ..Q^q.*.k..z.wr.
00a0 - 00 00 01 86 39 08 0e ba-00 00 04 03 00 46 30 44 ....9........F0D
00b0 - 02 20 68 f0 b9 cc ec 03-a6 15 06 07 2d 74 55 7e . h.........-tU~
00c0 - 76 2d 28 13 39 d9 52 a6-4a 61 cd 22 3b 0d f7 91 v-(.9.R.Ja.";...
00d0 - 17 5a 02 20 24 c1 dd 02-0a 62 0b ae 02 63 11 a2 .Z. $....b...c..
00e0 - 69 cf 6e aa a8 50 52 f6-b9 cc f3 0b f5 9b 95 a2 i.n..PR.........
00f0 - 6f 3b b5 aa 00 76 00 48-b0 e3 6b da a6 47 34 0f o;...v.H..k..G4.
0100 - e5 6a 02 fa 9d 30 eb 1c-52 01 cb 56 dd 2c 81 d9 .j...0..R..V.,..
0110 - bb bf ab 39 d8 84 73 00-00 01 86 39 08 0e 8b 00 ...9..s....9....
0120 - 00 04 03 00 47 30 45 02-21 00 9e 94 aa 24 31 2f ....G0E.!....$1/
0130 - cc 19 de db 71 a2 54 25-48 2d 16 80 5d c9 e4 09 ....q.T%H-..]...
0140 - fd ce 28 f1 38 e7 67 ce-f3 1b 02 20 29 5c 01 5e ..(.8.g.... )\.^
0150 - 7b 6c 4e ed 83 cb 03 7a-ea 1c c7 c5 36 d0 f2 28 {lN....z....6..(
0160 - d2 20 30 90 ea 35 98 b9-c4 26 af 19 . 0..5...&..
1209:d=1 hl=2 l= 13 cons: SEQUENCE
1211:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1222:d=2 hl=2 l= 0 prim: NULL
1224:d=1 hl=4 l= 257 prim: BIT STRING
0000 - 00 8a 70 c3 7a 9c 72 15-bb 42 f5 20 9c 35 0b d6 ..p.z.r..B. .5..
0010 - c3 f2 4d 93 ce b8 6e 9a-79 0f 17 c0 85 1c 80 7a ..M...n.y......z
0020 - ff dc 12 4f 8a 5a e6 9e-43 1e de a0 bd f1 8f 92 ...O.Z..C.......
0030 - c4 e8 7f 3c 5d 7d 53 00-d1 5c 9d cc 43 0c 82 be ...<]}S..\..C...
0040 - 88 fd 43 d5 ad 83 b9 a8-54 12 c3 98 55 b4 b0 28 ..C.....T...U..(
0050 - 38 0d 8d 83 a2 53 7c 8a-23 10 94 94 04 1b 47 bc 8....S|.#.....G.
0060 - 48 86 0e 6b 3c 81 a8 46-29 f7 d6 d3 b7 b2 9f 6f H..k<..F)......o
0070 - a0 e4 d9 3a df 28 0a e8-f5 f1 c3 30 aa 08 d6 5c ...:.(.....0...\
0080 - 40 b7 39 c8 61 60 8e e8-82 88 35 fa 93 58 34 47 @.9.a`....5..X4G
0090 - 32 86 e8 d2 cb cd 19 36-15 cd 36 0d 84 4f e1 83 2......6..6..O..
00a0 - 94 5e 4b ec 8f 8c 51 a6-b6 0b 44 60 5c e2 5d 14 .^K...Q...D`\.].
00b0 - a4 48 b6 47 2c b1 81 fd-3a ce 99 0c 00 d8 08 22 .H.G,...:......"
00c0 - 23 31 a0 16 4a 1b 77 73-72 cf ce 95 ac 87 ae fd #1..J.wsr.......
00d0 - 75 23 2e 20 2a a4 62 3c-3e 91 69 c7 c9 99 3b 20 u#. *.b<>.i...;
00e0 - 5a 01 c9 29 0a 5a 5f 91-f0 0a f0 d6 f0 8f 9f b8 Z..).Z_.........
00f0 - 48 b8 24 dd 57 c8 95 88-5d 23 c2 ec 23 7f f3 1b H.$.W...]#..#...
0100 - 9d .
証明書読み込み(DERファイルをASN.1形式で表示)
openssl asn1parse -dump -inform der -in 証明書DERファイル名.cer証明書変換(PEM→DERファイル)
openssl x509 -in 証明書PEMファイル名.cer -outform der -out 変換後証明書DERファイル名.cer証明書変換(DER→PEMファイル)
openssl x509 -inform der -in 証明書DERファイル名.cer -outform pem -out 変換後証明書PEMファイル名.cerウェブサーバーに接続し証明書取得(証明書設定状況の確認)
「-CAfile」でルート証明書を指定すると結果に
「Verify return code: 20 (unable to get local issuer certificate)」が表示されない。
オプション
-tls1_2 … TLS 1.2 のみを使って接続する
-tls1_3 … TLS 1.3 のみを使って接続する
-quiet … 表示が簡略化する
openssl s_client -showcerts -connect www.google.com:443
openssl s_client -showcerts -connect www.google.com:443 -CAfile "C:\OpenSSL\GTS Root R1.crt"depth=1が中間CA証明書。
depth=0がTLSサーバー証明書。
コマンド結果(「-CAfile」なし)
openssl s_client -connect www.google.com:443 -showcerts
Connecting to 142.250.196.132
CONNECTED(000001DC)
depth=2 C=US, O=Google Trust Services LLC, CN=GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
verify return:1
depth=0 CN=www.google.com
verify return:1
---
Certificate chain
0 s:CN=www.google.com
i:C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 4 07:19:07 2024 GMT; NotAfter: May 27 07:19:06 2024 GMT
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgIRAP4dE5JhiucMEGWQKlXQQa0wDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjQwMzA0MDcxOTA3WhcNMjQwNTI3
MDcxOTA2WjAZMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABMMDSQ2mMkIXUjnAeS3yfWjwitq5YVFHILRKzj3K431rP+/j
FAXZijbgZP+mm7nfJJsy+TXaYgO01q5IdDVDqBWjggJpMIICZTAOBgNVHQ8BAf8E
BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUV/1e5rYZ0yR7pC592IZRcCllWLowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ
4kYU83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2Nz
cC5wa2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9y
ZXBvL2NlcnRzL2d0czFjMy5kZXIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20w
IQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGg
L6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvemRBVHQwRXhfRmsuY3Js
MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcASLDja9qmRzQP5WoC+p0w6xxSActW
3SyB2bu/qznYhHMAAAGOCIuRPAAABAMASDBGAiEAn1g5+kQpvQpi3+hvUTOSufLt
kTAJGJhKAjtjqx+N7/0CIQCGvjaQJIDJtjzgAZCnj4TpzNOBFLWRqGjR+IfDXRzy
mgB3AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjgiLkRcAAAQD
AEgwRgIhANSmnt2rCCaon3Tlu4rKuxixvrBxMM2VuHeFP9JpvWa/AiEAoPH+GHpK
WDN4pvPqRvYweky6Ud6mH/RD0x3uiV/8p0owDQYJKoZIhvcNAQELBQADggEBAL7C
TTtTWrnwz16zmWgr4LDCacIEPO7tiWikxijBneH5odCyoKYfOHmJeMRLTCELAo9e
EUT00UBv+C+IuTQYqznd26c7FaIfJMa7t+sCFid+QDTISyAbgzgUE/7i9iYBwteD
PzcEENWXO/ctzGxHqNwA2XBZNNyIhpNQvxHSZ9S36nsOk4fiTnirUMOrXZKfp60j
qbcyShje65KcwHccLZWlETXGI8uhYD3zkDbRBPXMy0Z1TIhHTKwE+SKSQUBIoRKS
QqN3IYXEpzXTpoo182hRXwGNc6oCkZumqmtXsVC7oZRU3Kb1A/lO2DG8yIA91Ixy
EoACZYQWDlFet3okex8=
-----END CERTIFICATE-----
1 s:C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
i:C=US, O=Google Trust Services LLC, CN=GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw
CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw
MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp
kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX
lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm
BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA
gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL
tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud
DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T
AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD
VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG
CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw
AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt
MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG
A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br
aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN
AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ
cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL
RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U
+o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr
PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER
lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs
Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO
z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG
AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw
juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl
1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd
-----END CERTIFICATE-----
2 s:C=US, O=Google Trust Services LLC, CN=GTS Root R1
i:C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx
OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63
ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS
iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k
KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ
DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk
j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5
cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW
CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499
iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei
Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap
sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b
9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf
BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw
JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH
MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al
oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy
MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF
AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9
NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9
WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw
9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy
+qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi
d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=
-----END CERTIFICATE-----
---
Server certificate
subject=CN=www.google.com
issuer=C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4297 bytes and written 402 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
94500000:error:0A000126:SSL routines::unexpected eof while reading:ssl\record\rec_layer_s3.c:650:
コマンド結果(「-CAfile」あり)
openssl s_client -connect www.google.com:443 -showcerts -CAfile "C:\OpenSSL\GTS Root R1.crt"
Connecting to 172.217.161.36
CONNECTED(000001DC)
depth=2 C=US, O=Google Trust Services LLC, CN=GTS Root R1
verify return:1
depth=1 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
verify return:1
depth=0 CN=www.google.com
verify return:1
---
Certificate chain
0 s:CN=www.google.com
i:C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 4 07:19:07 2024 GMT; NotAfter: May 27 07:19:06 2024 GMT
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgIRAP4dE5JhiucMEGWQKlXQQa0wDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjQwMzA0MDcxOTA3WhcNMjQwNTI3
MDcxOTA2WjAZMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABMMDSQ2mMkIXUjnAeS3yfWjwitq5YVFHILRKzj3K431rP+/j
FAXZijbgZP+mm7nfJJsy+TXaYgO01q5IdDVDqBWjggJpMIICZTAOBgNVHQ8BAf8E
BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUV/1e5rYZ0yR7pC592IZRcCllWLowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ
4kYU83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2Nz
cC5wa2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9y
ZXBvL2NlcnRzL2d0czFjMy5kZXIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20w
IQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGg
L6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvemRBVHQwRXhfRmsuY3Js
MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcASLDja9qmRzQP5WoC+p0w6xxSActW
3SyB2bu/qznYhHMAAAGOCIuRPAAABAMASDBGAiEAn1g5+kQpvQpi3+hvUTOSufLt
kTAJGJhKAjtjqx+N7/0CIQCGvjaQJIDJtjzgAZCnj4TpzNOBFLWRqGjR+IfDXRzy
mgB3AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjgiLkRcAAAQD
AEgwRgIhANSmnt2rCCaon3Tlu4rKuxixvrBxMM2VuHeFP9JpvWa/AiEAoPH+GHpK
WDN4pvPqRvYweky6Ud6mH/RD0x3uiV/8p0owDQYJKoZIhvcNAQELBQADggEBAL7C
TTtTWrnwz16zmWgr4LDCacIEPO7tiWikxijBneH5odCyoKYfOHmJeMRLTCELAo9e
EUT00UBv+C+IuTQYqznd26c7FaIfJMa7t+sCFid+QDTISyAbgzgUE/7i9iYBwteD
PzcEENWXO/ctzGxHqNwA2XBZNNyIhpNQvxHSZ9S36nsOk4fiTnirUMOrXZKfp60j
qbcyShje65KcwHccLZWlETXGI8uhYD3zkDbRBPXMy0Z1TIhHTKwE+SKSQUBIoRKS
QqN3IYXEpzXTpoo182hRXwGNc6oCkZumqmtXsVC7oZRU3Kb1A/lO2DG8yIA91Ixy
EoACZYQWDlFet3okex8=
-----END CERTIFICATE-----
1 s:C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
i:C=US, O=Google Trust Services LLC, CN=GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw
CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw
MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp
kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX
lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm
BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA
gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL
tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud
DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T
AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD
VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG
CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw
AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt
MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG
A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br
aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN
AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ
cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL
RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U
+o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr
PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER
lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs
Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO
z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG
AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw
juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl
1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd
-----END CERTIFICATE-----
2 s:C=US, O=Google Trust Services LLC, CN=GTS Root R1
i:C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx
OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63
ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS
iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k
KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ
DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk
j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5
cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW
CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499
iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei
Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap
sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b
9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf
BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw
JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH
MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al
oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy
MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF
AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9
NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9
WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw
9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy
+qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi
d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=
-----END CERTIFICATE-----
---
Server certificate
subject=CN=www.google.com
issuer=C=US, O=Google Trust Services LLC, CN=GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4298 bytes and written 402 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
F0100000:error:0A000126:SSL routines::unexpected eof while reading:ssl\record\rec_layer_s3.c:650:
関連サイト
OpenSSLでウェブサーバーに中間CA証明書が正しく設定されているか確認する方法
OpenSSL:/docs/man1.1.1/man1/openssl-s_client.htmlhttps://www.openssl.org
鍵ペア生成
RSA-2048、RSA-3072、RSA-4096、prime256v1、secp256k1、secp384r1
openssl genrsa 2048 > cert2048.key
openssl genrsa 3072 > cert3072.key
openssl genrsa 4096 > cert4096.key
openssl ecparam -name prime256v1 -genkey -out certprime256v1.key
openssl ecparam -name secp256k1 -genkey -out certecc256.key
openssl ecparam -name secp384r1 -genkey -out certecc384.keyOpenSSL:https://www.openssl.org/docs/man1.1.1/man1/openssl-genrsa.html
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ecparam.html
鍵ペア表示
openssl rsa -noout -text -in cert2048.key
openssl rsa -noout -text -in cert3072.key
openssl rsa -noout -text -in cert4096.key
openssl ec -text -in certprime256v1.key
openssl ec -text -in certecc256.key
openssl ec -text -in certecc384.keyOpenSSL:https://www.openssl.org/docs/man1.1.1/man1/rsa.html
OpenSSL:https://www.openssl.org/docs/man1.1.1/man1/ec.html
RSA鍵ペア表示コマンド結果
| 名称 | 説明 | 種別 |
|---|---|---|
| modulus | モジュラスn(n=pq) | Public Key(公開鍵) |
| publicExponent | 公開指数e=65537 | Public Key(公開鍵) |
| privateExponent | 非公開指数d=e^(-1) mod (p-1)(q-1) | Private Key(秘密鍵) |
| prime1 | nの素因数p | Private Key(秘密鍵) |
| prime2 | nの素因数q | Private Key(秘密鍵) |
| exponent1 | d mod (p-1) | – |
| exponent2 | d mod (q-1) | – |
| coefficient | 中国剰余定理の係数 q^(-1) mod p | – |
コマンド結果
RSA Private-Key: (2048 bit, 2 primes)
modulus:
00:e5:0f:0f:87:93:b3:65:7e:9f:83:4a:72:8a:62:
38:a8:7f:72:1b:e4:04:77:d3:e9:b1:42:91:47:7f:
7b:1c:0d:5a:e4:4c:1e:55:c3:8e:7b:87:63:92:6e:
54:14:a8:25:81:c0:9c:4d:9b:8b:cb:cb:85:c6:e4:
71:0d:7a:72:c5:2a:ee:7a:c9:a9:2e:d0:27:71:5e:
8e:5d:1b:52:89:7b:ab:3c:b6:4d:71:f1:55:50:5c:
5f:77:a0:a7:9c:80:44:58:de:74:ac:0a:fe:f7:55:
11:d9:77:29:6c:78:d5:06:a3:55:8e:f1:26:10:93:
ea:76:05:28:8b:91:75:fc:3c:1c:23:1a:7c:af:9a:
94:fa:c9:aa:c8:39:53:0c:8d:af:76:8e:56:b7:67:
34:1d:cf:d3:ec:1a:b1:39:47:37:4c:2f:27:67:a7:
84:b7:89:0b:25:c2:54:39:e6:bd:1b:25:87:8a:1a:
ac:ea:2a:92:6e:cf:0a:9e:0b:dc:3e:ee:1b:73:bd:
aa:9b:78:ec:b3:c6:18:d2:b3:0e:a7:6f:d0:a4:6a:
15:b0:a3:1c:0a:b3:0c:be:f0:74:fc:cc:22:98:44:
a0:e7:33:0d:14:f6:03:af:b7:68:76:6a:81:cc:51:
28:1a:89:5e:e9:a5:0b:64:ab:85:e7:32:30:64:8b:
85:d1
publicExponent: 65537 (0x10001)
privateExponent:
4b:0b:1f:1c:5c:e0:76:4d:00:b7:83:c9:78:da:eb:
13:11:05:f2:6b:46:a7:77:6e:e5:9b:18:7b:a3:21:
53:34:70:e5:c0:a6:63:94:b8:f6:71:89:c6:ac:8c:
b1:63:d1:3d:ec:3b:89:15:7f:bc:59:c6:4f:3e:02:
67:d7:09:08:dd:a2:d9:e9:7d:9b:0f:a9:0c:74:5d:
11:d5:e4:b9:94:21:aa:b7:53:32:14:4d:ce:11:25:
59:cc:f1:7c:cd:6d:16:ec:72:ae:f6:bf:47:8a:c0:
59:4d:b7:ed:88:bc:c9:fa:f3:09:ec:a9:7a:de:ea:
fe:95:7c:0e:15:ae:e0:de:b5:ee:6b:17:07:d8:87:
cf:ce:49:6a:ee:02:6a:7f:e0:78:53:3d:b3:5b:20:
b7:18:58:7b:45:2e:a1:b7:dc:cc:bf:81:92:c9:90:
1c:44:ae:13:b0:03:21:ae:5a:64:d3:28:39:60:aa:
92:01:e7:ac:64:6c:83:49:92:0c:03:c5:b7:f9:bf:
d3:ec:6a:74:05:52:f6:de:8c:f5:f0:55:ea:79:69:
1b:ea:14:8a:63:42:ec:ee:f6:5f:0a:ec:5f:7d:ff:
82:f0:88:01:a6:96:4e:0c:73:fe:ae:8a:5c:9b:16:
a7:52:18:4f:9f:75:98:60:52:f9:95:ab:43:cf:d5:
91
prime1:
00:f5:30:2f:64:80:d1:5d:a0:9d:36:51:ea:b6:36:
09:33:d4:29:d6:33:55:f1:88:1e:c3:58:34:26:8a:
90:c1:ac:d9:05:35:18:39:9f:b4:17:0d:85:f3:dd:
75:1d:02:27:14:2a:76:8f:99:07:48:f6:a5:46:28:
32:c4:2d:5c:0a:b0:17:8d:d2:4e:cc:7c:6f:4f:44:
37:b1:92:4b:ac:1e:11:1d:a7:3a:0a:30:d6:8d:9b:
6e:f5:60:ad:80:59:ee:27:6e:43:a7:16:74:77:ea:
6f:78:48:f8:b9:97:a3:6a:21:63:d3:b6:07:ec:c3:
90:a7:68:79:c1:d5:31:a3:3d
prime2:
00:ef:28:cc:63:21:c2:63:6d:82:fd:65:58:ef:13:
c0:37:c4:11:16:86:52:ab:4d:63:b6:87:07:14:b7:
87:a7:c0:68:49:df:ba:87:0e:61:1d:ea:97:e3:56:
ed:fb:63:ef:8b:d8:63:1f:5f:21:3d:72:88:c8:8d:
ab:57:5c:76:22:08:27:37:b9:50:df:0d:2b:78:95:
b3:7c:ca:c6:06:16:65:e6:01:56:15:32:21:4d:06:
14:c1:ac:ea:6d:fd:e0:97:57:25:0a:78:78:cb:84:
01:51:40:e2:74:56:55:04:fe:77:a3:6e:c1:3e:71:
26:c0:91:b7:d6:67:71:86:25
exponent1:
00:c6:a4:cb:40:b9:bc:e6:06:02:58:c7:f5:48:ba:
6e:aa:36:f1:ce:40:b9:18:7e:17:ae:5b:ff:a4:5a:
0e:fd:5a:74:58:eb:b3:3c:bc:4e:c3:7e:89:50:11:
d3:98:34:ee:44:40:42:de:04:35:0a:c0:09:16:d5:
ea:8b:55:d4:84:34:36:61:08:4a:1f:11:91:7c:be:
e0:00:55:6e:49:7b:f2:91:fb:b1:e2:1f:bf:33:eb:
01:f2:7a:e9:16:5b:c5:be:dc:6e:a3:28:66:23:e1:
23:7e:68:60:5a:bc:a8:00:8c:1c:bc:a1:75:ba:34:
97:35:8a:47:5a:ea:c6:d4:61
exponent2:
00:c1:e4:f4:d7:c6:0e:00:68:4f:d3:ba:b0:00:9c:
a5:b1:50:8f:7e:10:86:c3:85:29:bb:58:fb:bf:ab:
10:1b:4b:de:01:4e:96:be:5a:45:18:69:12:9d:68:
e3:e6:75:5e:47:a5:b6:af:3f:84:06:7a:6e:35:12:
ce:80:34:61:3e:34:17:ff:90:89:e5:5c:9b:0a:d7:
6b:be:57:f3:76:0a:00:b1:1a:12:3d:7a:f8:0e:a7:
48:7a:c1:03:0b:0b:d2:63:40:6e:b2:6f:7b:97:9c:
3d:29:30:0e:a8:bd:39:8e:a3:f4:41:17:51:2a:9b:
b8:0c:55:d7:92:c7:28:fd:d5
coefficient:
3d:32:54:78:96:48:42:bc:22:10:cb:ae:68:c2:82:
e9:20:85:b0:0c:a7:f5:5e:f6:69:b7:98:27:81:da:
41:83:f4:6e:56:06:79:0f:5d:3a:d6:d0:eb:9a:a4:
95:49:9a:e2:04:a3:6e:09:c7:2b:d7:93:b7:ac:d8:
0d:d0:51:9b:7a:6a:3a:6a:50:8f:09:36:30:c4:46:
d4:2c:25:0c:89:37:14:41:3b:06:32:e3:35:de:b4:
b9:d3:94:10:ac:26:f3:9f:32:79:32:14:a0:2c:53:
3b:5e:e7:d7:bd:11:4b:72:93:2e:42:dd:6a:a9:45:
e9:52:95:ae:d8:47:57:9bCSR生成
openssl req -new -key cert2048.key -sha256 -out cert2048.csr
openssl req -new -key cert3072.key -sha256 -out cert3072.csr
openssl req -new -key cert4096.key -sha256 -out cert4096.csr
openssl req -new -key certecc256.key -sha256 -out certecc256.csr
openssl req -new -key certecc384.key -sha256 -out certecc384.csrOpenSSL:/docs/man1.1.1/man1/req.htmlhttps://www.openssl.org
CSR表示
openssl req -text -noout -in cert2048.csr
openssl req -text -noout -in cert3072.csr
openssl req -text -noout -in cert4096.csr
openssl req -text -noout -in certecc256.csr
openssl req -text -noout -in certecc384.csr自己署名証明書の発行
有効期間:10年(365日×10年+2日[うるう年]=3652日)
openssl x509 -days 3652 -in cert2048.csr -req -signkey cert2048.key -out cert2048.cer
openssl x509 -days 3652 -in cert3072.csr -req -signkey cert3072.key -out cert3072.cer
openssl x509 -days 3652 -in cert4096.csr -req -signkey cert4096.key -out cert4096.cer
openssl x509 -days 3652 -in certecc256.csr -req -signkey certecc256.key -out certecc256.cer
openssl x509 -days 3652 -in certecc384.csr -req -signkey certecc384.key -out certecc384.cerCRL表示
openssl crl -inform der -in fullcrl.crl -text -nooutOpenSSL:/docs/man1.1.1/man1/crl.htmlhttps://www.openssl.org
P12ファイル生成
暗号指定なし(指定しない場合は以下暗号方式となる。秘密鍵:pbeWithSHA1And3-KeyTripleDES-CBC、証明書:pbeWithSHA1And40BitRC2-CBC)
openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key -out cert2048.p12暗号指定あり(秘密鍵:AES-256-CBC、証明書:PBE-SHA1-3DES)
openssl pkcs12 -keypbe AES-256-CBC -certpbe PBE-SHA1-3DES -export -in cert2048.cer -inkey cert2048.key -out cert2048.p12OpenSSL:/docs/man1.1.1/man1/pkcs12.htmlhttps://www.openssl.org
P12ファイル生成(中間CA証明書を含む)
SubordinateCA.cer…中間CA証明書
openssl pkcs12 -export -in cert2048.cer -inkey cert2048.key -certfile SubordinateCA.cer -out cert2048.p12P12ファイル情報表示
openssl pkcs12 -info -in cert2048.p12コマンド結果(CA[Actalis]で作成されたP12(秘密鍵:PBE-SHA1-3DES、証明書:RC2_CBC_40))
(例)
openssl pkcs12 -info -in test.pfx
Enter Import Password:
MAC: sha1, Iteration 102400
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 51200
Bag Attributes
localKeyID: BF E9 EF 83 88 D2 F6 FB 9C 43 94 F4 76 7A CC 20 26 00 75 A7
friendlyName: test@outlook.jp
Key Attributes:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
省略
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 51200
Certificate bag
Bag Attributes
localKeyID: BF E9 EF 83 88 D2 F6 FB 9C 43 94 F4 76 7A CC 20 26 00 75 A7
friendlyName: test@outlook.jp
subject=CN = test@outlook.jp
issuer=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
friendlyName: Actalis Client Authentication CA G3
subject=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
friendlyName: Actalis Authentication Root CA
subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
コマンド結果(OpenSSLで作成したP12(秘密鍵:AES-256-CBC、証明書:PBE-SHA1-3DES))
openssl pkcs12 -info -in .\openssl-AES256-CBC.p12
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: 9D 9A 95 56 29 B1 EB 3C 1C 80 1E A1 87 03 C1 14 1D 96 89 48
subject=CN = test@outlook.jp
issuer=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes:
subject=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes:
subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Bag Attributes
localKeyID: 9D 9A 95 56 29 B1 EB 3C 1C 80 1E A1 87 03 C1 14 1D 96 89 48
Key Attributes:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
省略
-----END ENCRYPTED PRIVATE KEY-----
コマンド結果(Windowsで出力したP12(秘密鍵:AES-256-CBC))
openssl pkcs12 -info -in .\AES256-SHA256.pfx
Enter Import Password:
MAC: sha256, Iteration 2000
MAC length: 32, salt length: 20
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2000, PRF hmacWithSHA256
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: {D2FE608C-D706-4730-B763-0C4B78D90D98}
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
省略
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Data
Certificate bag
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: test@outlook.jp
subject=CN = test@outlook.jp
issuer=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
1.3.6.1.4.1.311.17.3.83: 30 1E 30 1C 06 06 2B 81 1F 01 11 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0
1.3.6.1.4.1.311.17.3.98: 55 92 60 84 EC 96 3A 64 B9 6E 2A BE 01 CE 0B A8 6A 64 FB FE BC C7 AA B5 AF C1 55 B3 7F D7 60 66
1.3.6.1.4.1.311.17.3.9: 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08
friendlyName: Actalis Authentication Root CA
subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
1.3.6.1.4.1.311.17.3.75: 38 00 42 00 34 00 33 00 41 00 36 00 41 00 32 00 41 00 42 00 33 00 31 00 44 00 38 00 46 00 36 00 42 00 38 00 39 00 44 00 43 00 46 00 44 00 34 00 46 00 44 00 39 00 36 00 38 00 36 00 44 00 35 00 5F 00 00 00
friendlyName: Actalis Client Authentication CA G3
subject=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
コマンド結果(Windowsで出力したP12(秘密鍵:PBE-SHA1-3DES))
openssl pkcs12 -info -in .\TripleDES-SHA1.pfx
Enter Import Password:
MAC: sha1, Iteration 2000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: {D2FE608C-D706-4730-B763-0C4B78D90D98}
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
省略
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Data
Certificate bag
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: test@outlook.jp
subject=CN = test@outlook.jp
issuer=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
1.3.6.1.4.1.311.17.3.83: 30 1E 30 1C 06 06 2B 81 1F 01 11 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0
1.3.6.1.4.1.311.17.3.98: 55 92 60 84 EC 96 3A 64 B9 6E 2A BE 01 CE 0B A8 6A 64 FB FE BC C7 AA B5 AF C1 55 B3 7F D7 60 66
1.3.6.1.4.1.311.17.3.9: 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08
friendlyName: Actalis Authentication Root CA
subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
Certificate bag
Bag Attributes
1.3.6.1.4.1.311.17.3.75: 38 00 42 00 34 00 33 00 41 00 36 00 41 00 32 00 41 00 42 00 33 00 31 00 44 00 38 00 46 00 36 00 42 00 38 00 39 00 44 00 43 00 46 00 44 00 34 00 46 00 44 00 39 00 36 00 38 00 36 00 44 00 35 00 5F 00 00 00
friendlyName: Actalis Client Authentication CA G3
subject=C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
issuer=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
-----BEGIN CERTIFICATE-----
省略
-----END CERTIFICATE-----
P12ファイルから秘密鍵、証明書、中間CA証明書を抽出
#証明書と中間CA証明書を抽出(PEM形式のCERファイルを開くと階層を確認可能)
openssl pkcs12 -in cert2048.p12 -nokeys -out cert2048-allout.cer
#証明書のみを抽出
openssl pkcs12 -in cert2048.p12 -clcerts -nokeys -out cert2048-out.cer
#中間CA証明書のみを抽出
openssl pkcs12 -in cert2048.p12 -cacerts -nokeys -out SubordinateCA-out.cer
#秘密鍵のみを抽出
openssl pkcs12 -in cert2048.p12 -nocerts -nodes -out cert2048-out.key証明書検証
RootAndSubordinateCA.cer…ルート証明書と中間CA証明書が結合されたPEMファイル
#証明書検証
openssl verify -CAfile RootAndSubordinateCA.cer cert2048.cerOpenSSL:/docs/man1.1.1/man1/openssl-verify.htmlhttps://www.openssl.org
OCSPレスポンダーへの問い合わせ
Openssl:https://www.openssl.org/docs/man1.1.1/man1/ocsp.html
【参考】
OCSP Status Checker
PEMファイルを貼り付けるとOCSPの結果が表示される。
OCSP モデルについての説明
https://www.ipa.go.jp/security/pki/043.html
証明書ファイルから問い合わせ
openssl ocsp -sha1 -no_nonce -CAfile [ルート証明書PEMファイル名.cer] -issuer [中間CA証明書PEMファイル名.cer] -cert [TLSサーバー証明書PEMファイル名.cer] -url [HTTPから始まるOCSPレスポンダーURL]「-sha1」を「-sha256」に変更すると、Certificate IDのHash AlgorithmがSHA256になる。
実行結果
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 793C84590DB75B740B4C302271956226A68E3487
Issuer Key Hash: 99451855A2DE5A1DD5A47625B4C33D5671FD9D3E
Serial Number: 73FF7B6E99E146F8674BDB72C65319E5F43A4085
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = JP, ST = Tokyo, O = CA, CN = SCA01
Produced At: Jun 9 22:50:29 2022 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 793C84590DB75B740B4C302271956226A68E3487
Issuer Key Hash: 99451855A2DE5A1DD5A47625B4C33D5671FD9D3E
Serial Number: 73FF7B6E99E146F8674BDB72C65319E5F43A4085
Cert Status: revoked
Revocation Time: May 27 23:26:27 2022 GMT
Revocation Reason: superseded (0x4)
This Update: Jun 9 22:50:29 2022 GMT
Next Update: Jun 16 22:50:29 2022 GMT
Signature Algorithm: sha256WithRSAEncryption
83:c4:0a:b7:24:c9:68:d9:21:02:bc:db:b1:25:6b:1d:d3:61:
17:b0:cd:41:a0:39:b9:47:83:f2:f1:24:44:26:17:2e:24:9e:
23:82:8b:11:84:65:87:45:3b:da:ce:a5:bf:bf:f0:fc:82:05:
0e:c8:3d:c9:7a:9a:34:33:f7:86:1e:a2:88:07:72:ec:6f:f9:
46:6d:43:07:c3:56:4c:6d:e3:ed:a3:20:9d:d5:68:b7:5f:6f:
15:59:46:95:aa:72:a5:75:9d:40:6c:f8:6a:8d:7c:82:27:72:
3b:c4:97:81:6a:ce:23:fa:b1:7b:ec:91:ae:5e:4a:77:9f:37:
e2:35:19:7f:cf:6f:4f:56:ba:0e:2d:3b:c1:21:ff:8d:bb:c5:
a9:9b:f2:69:61:45:1b:6e:b9:f0:59:33:98:95:cc:e4:cc:97:
a6:e0:42:02:55:0d:1a:eb:de:ec:ff:f5:fc:c2:4e:e3:b0:ed:
78:1f:55:1f:3d:92:58:76:ff:79:a9:26:97:d3:de:17:ad:ef:
c9:bd:1b:e5:3d:80:fe:1a:14:48:07:af:ac:f0:97:ca:20:6c:
87:21:16:53:cd:57:84:89:cc:67:07:40:dc:dd:b3:7e:56:ce:
5d:65:f4:d5:ea:7f:17:51:5a:fe:96:34:2c:4e:35:1d:c2:8a:
6d:e4:ba:a7:b3:a7:d1:d5:84:f3:4e:6d:96:67:0d:5f:ae:a5:
e7:f5:89:26:a2:8d:cc:fb:58:da:04:60:44:61:9a:12:74:09:
bd:f7:60:e4:42:fb:96:df:3f:d6:2f:e4:b4:79:97:95:01:44:
3c:1a:22:a8:d5:dd:54:54:13:cc:a2:b7:07:48:dc:d9:91:12:
51:ea:6f:83:c4:6b:46:ea:ea:55:20:a4:a4:f4:63:ee:3e:de:
72:af:d7:d3:55:bd:f4:21:d2:86:ca:1b:cb:79:48:53:33:f1:
4c:19:c2:1d:5c:5f:bf:4b:5b:f4:5f:2d:fe:d4:20:03:c4:96:
7d:1d:44:66:63:59:c5:2c:78:35:c0:da:35:fc:06:49:59:8a:
ba:28:a0:33:6d:a9:eb:c3:c9:c0:10:aa:31:7a:bf:51:d7:c3:
81:3c:77:a0:25:b5:55:4a:40:44:06:5d:b7:7d:dc:31:58:93:
02:d6:1c:42:1b:67:8b:31:a2:6f:c6:45:5e:52:b3:35:aa:d7:
f1:06:23:4a:41:4b:09:17:91:1f:c6:16:c1:ea:5e:a4:00:a9:
68:98:16:96:d3:cd:03:21:bb:27:83:ea:b2:8e:77:a9:4d:e5:
16:89:8b:f0:65:2a:96:af:cf:1f:fe:a9:b6:7b:71:38:0f:50:
6d:f5:a0:46:ce:6e:fa:bf
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:5a:5a:dc:0f:03:a5:dc:3a:54:30:1f:14:39:c5:de:e9:18:c3:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Tokyo, O=CA, CN=RCA
Validity
Not Before: May 27 01:57:18 2022 GMT
Not After : May 23 01:57:18 2037 GMT
Subject: C=JP, ST=Tokyo, O=CA, CN=SCA01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ce:c0:ea:15:84:2f:f1:90:db:52:2d:2b:19:56:
9e:ef:bd:bb:e9:54:18:17:9e:f9:de:57:d5:2d:48:
21:64:4f:cd:0f:62:c2:45:81:52:fb:22:71:84:39:
e6:62:47:d2:05:73:4e:87:a1:bc:4c:de:83:b0:7f:
97:0b:ec:4b:43:15:e6:d0:ba:b5:b7:92:8a:e5:ca:
5c:f1:52:b1:3d:4b:b4:f4:91:e4:a8:47:e3:9b:17:
0f:ca:51:72:40:10:1c:1d:6f:fe:d9:a2:0d:0c:c6:
8d:1f:7c:6b:98:d4:4d:2d:36:48:bc:1c:62:b3:fa:
4f:cf:2c:af:6c:bd:1d:27:08:04:49:76:1c:06:e6:
cb:4e:df:21:7d:5f:ed:2c:de:91:f6:7a:4c:3b:06:
55:3c:90:1a:d1:3f:44:4e:23:31:9b:5a:41:46:af:
87:a2:7c:bb:bf:df:64:f1:e8:32:b8:82:99:3e:61:
85:17:87:9b:4c:30:fd:16:47:f0:49:ed:50:d9:71:
c2:5d:05:4d:4a:f8:27:f4:73:e8:49:23:9f:9e:a6:
d0:49:7c:bf:48:91:82:7d:cc:1b:49:db:31:65:e7:
2a:71:c3:f8:97:0a:3a:7c:cd:c1:06:0f:1a:25:a2:
1a:44:26:ac:6e:e3:71:d4:43:bf:0a:6f:87:55:40:
dc:15:c1:b5:e0:0c:67:0a:21:db:c4:af:04:52:b4:
5f:80:41:e7:fc:7a:d9:e9:ac:57:fc:59:47:62:68:
0e:ca:53:89:55:8b:80:ac:30:af:c8:4d:9e:6c:e1:
4f:7f:ed:ce:d0:51:c8:f7:d1:06:ca:cc:be:c0:a2:
17:fb:9c:ae:f7:92:53:a3:80:e3:fe:2a:6f:52:16:
f8:83:50:53:3e:f2:4e:86:f6:7a:6f:3e:09:4d:56:
73:a4:af:c9:a7:b2:97:21:34:84:f0:72:e4:41:dd:
4a:cb:61:9d:28:ab:bc:58:1b:77:7e:db:68:e1:a3:
c6:a8:8e:c0:14:8f:2a:0d:06:f6:1e:8c:5b:79:a7:
c9:86:a5:3b:60:8e:ea:7d:15:1c:e9:a2:68:52:b7:
28:2a:16:72:db:78:75:cb:d7:ad:50:7f:8e:11:a9:
d9:f4:9a:fb:95:07:f1:ba:36:8f:fe:17:34:eb:b3:
00:af:d5:c6:f0:87:a5:39:9a:7a:ac:9c:ba:34:9e:
83:c7:30:d5:d7:d1:f1:ef:b4:d0:18:b5:54:19:95:
c3:95:e5:a2:66:39:df:2f:c4:f3:ae:fe:02:84:b9:
c2:9b:a0:18:27:71:59:6e:56:54:8f:9b:ff:d7:cb:
d1:78:d7:bc:ad:08:57:86:89:65:2b:fe:e2:62:bf:
95:90:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:45:18:55:A2:DE:5A:1D:D5:A4:76:25:B4:C3:3D:56:71:FD:9D:3E
X509v3 Authority Key Identifier:
keyid:37:3E:1B:49:3C:AE:71:72:21:3E:0F:57:A9:72:B9:36:7D:00:EE:BE
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://www1.example.com/RCAcrl.crl
Authority Information Access:
CA Issuers - URI:http://www1.example.com/RCA.crt
Signature Algorithm: sha256WithRSAEncryption
59:dc:21:53:bd:40:fa:df:a6:b6:9d:76:51:dd:09:52:13:6a:
34:34:55:31:e5:0d:76:2b:2c:eb:e3:c3:dc:a3:86:1d:38:6d:
fc:c6:43:8e:18:b2:11:b2:ed:ea:72:65:e0:e8:7d:41:9d:f5:
be:71:d1:e8:cc:d5:f5:87:6b:e5:c2:d7:57:b0:23:e8:61:94:
3f:63:db:7c:86:08:ae:87:5a:95:c6:5a:60:bd:41:ae:3e:99:
3a:5e:aa:d1:ac:7c:86:67:0b:a4:2b:a3:49:0a:d0:2f:2f:37:
a2:30:7f:49:c8:96:f4:92:96:b8:0f:eb:6f:e3:65:de:82:f3:
27:87:73:d0:1f:b9:aa:47:65:9f:a0:09:fe:9b:91:d6:4a:dc:
76:6e:25:3f:52:4c:d6:6b:08:0a:84:26:6e:6f:65:81:ef:0b:
71:34:4f:0a:62:86:66:99:59:0a:fd:87:e8:42:a7:ac:2d:dc:
ec:4a:b2:26:6b:7d:74:da:95:fa:ea:da:13:b7:ae:f5:c6:08:
ca:86:3d:c3:e8:31:eb:c8:af:f0:d8:1a:31:88:32:8a:22:7a:
27:04:44:6c:af:6c:8b:bb:cb:f0:15:fe:a1:59:51:c9:0c:6c:
46:ba:2a:26:d3:0a:c9:d8:63:14:97:ad:67:03:f7:0a:13:8f:
28:6e:12:ab:64:56:55:7e:52:44:3c:cc:4a:8e:45:61:56:ce:
0b:fe:16:70:a4:38:6d:c4:5b:14:5c:24:3d:66:57:e0:67:14:
44:64:a9:4c:d6:ad:a3:ef:a8:aa:0a:02:c1:41:0b:09:6a:0f:
2e:a9:5e:8c:cc:26:1e:0d:58:1a:2e:8e:8a:83:3c:57:32:5e:
5f:f4:d4:4e:ca:57:32:dc:36:52:52:0f:d5:01:aa:8b:ef:a5:
fa:41:d0:ed:96:55:c0:e6:c2:4c:8b:a5:31:be:57:4a:da:89:
62:66:9a:02:00:c1:74:c8:5a:b0:6b:4e:03:81:0c:34:76:a8:
de:27:ef:03:0e:51:73:af:0c:dd:1e:0a:5f:e2:14:1a:7a:36:
ba:0e:61:dc:90:48:a9:38:e9:f4:5a:4b:c7:87:1b:9f:e5:33:
84:df:bd:2d:9d:15:51:4a:11:f8:9f:3b:be:a4:5b:cf:5f:8f:
02:2f:05:eb:63:d6:17:2e:c6:49:ee:7a:e0:5e:26:97:75:0e:
5c:59:7d:a2:27:5a:c2:a2:4c:3d:0c:3d:ce:1d:34:95:51:39:
47:bf:53:2d:0b:cc:8d:49:4f:68:eb:5f:ce:6c:f1:15:46:17:
32:f5:3c:ff:da:d7:06:6f:c6:ae:ce:17:9e:09:62:07:3a:55:
c2:c4:20:be:d1:e8:c2:28
-----BEGIN CERTIFICATE-----
MIIF1zCCA7+gAwIBAgIUQ1pa3A8Dpdw6VDAfFDnF3ukYwy0wDQYJKoZIhvcNAQEL
BQAwODELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQswCQYDVQQKDAJDQTEM
MAoGA1UEAwwDUkNBMB4XDTIyMDUyNzAxNTcxOFoXDTM3MDUyMzAxNTcxOFowOjEL
MAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQswCQYDVQQKDAJDQTEOMAwGA1UE
AwwFU0NBMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDOwOoVhC/x
kNtSLSsZVp7vvbvpVBgXnvneV9UtSCFkT80PYsJFgVL7InGEOeZiR9IFc06HobxM
3oOwf5cL7EtDFebQurW3korlylzxUrE9S7T0keSoR+ObFw/KUXJAEBwdb/7Zog0M
xo0ffGuY1E0tNki8HGKz+k/PLK9svR0nCARJdhwG5stO3yF9X+0s3pH2ekw7BlU8
kBrRP0ROIzGbWkFGr4eifLu/32Tx6DK4gpk+YYUXh5tMMP0WR/BJ7VDZccJdBU1K
+Cf0c+hJI5+eptBJfL9IkYJ9zBtJ2zFl5ypxw/iXCjp8zcEGDxolohpEJqxu43HU
Q78Kb4dVQNwVwbXgDGcKIdvErwRStF+AQef8etnprFf8WUdiaA7KU4lVi4CsMK/I
TZ5s4U9/7c7QUcj30QbKzL7Aohf7nK73klOjgOP+Km9SFviDUFM+8k6G9npvPglN
VnOkr8mnspchNITwcuRB3UrLYZ0oq7xYG3d+22jho8aojsAUjyoNBvYejFt5p8mG
pTtgjup9FRzpomhStygqFnLbeHXL161Qf44Rqdn0mvuVB/G6No/+FzTrswCv1cbw
h6U5mnqsnLo0noPHMNXX0fHvtNAYtVQZlcOV5aJmOd8vxPOu/gKEucKboBgncVlu
VlSPm//Xy9F417ytCFeGiWUr/uJiv5WQOQIDAQABo4HWMIHTMB0GA1UdDgQWBBSZ
RRhVot5aHdWkdiW0wz1Wcf2dPjAfBgNVHSMEGDAWgBQ3PhtJPK5xciE+D1epcrk2
fQDuvjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAzBgNVHR8ELDAq
MCigJqAkhiJodHRwOi8vd3d3MS5leGFtcGxlLmNvbS9SQ0FjcmwuY3JsMDsGCCsG
AQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL3d3dzEuZXhhbXBsZS5jb20v
UkNBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAWdwhU71A+t+mtp12Ud0JUhNqNDRV
MeUNdiss6+PD3KOGHTht/MZDjhiyEbLt6nJl4Oh9QZ31vnHR6MzV9Ydr5cLXV7Aj
6GGUP2PbfIYIrodalcZaYL1Brj6ZOl6q0ax8hmcLpCujSQrQLy83ojB/SciW9JKW
uA/rb+Nl3oLzJ4dz0B+5qkdln6AJ/puR1krcdm4lP1JM1msICoQmbm9lge8LcTRP
CmKGZplZCv2H6EKnrC3c7EqyJmt9dNqV+uraE7eu9cYIyoY9w+gx68iv8NgaMYgy
iiJ6JwREbK9si7vL8BX+oVlRyQxsRroqJtMKydhjFJetZwP3ChOPKG4Sq2RWVX5S
RDzMSo5FYVbOC/4WcKQ4bcRbFFwkPWZX4GcURGSpTNato++oqgoCwUELCWoPLqle
jMwmHg1YGi6OioM8VzJeX/TUTspXMtw2UlIP1QGqi++l+kHQ7ZZVwObCTIulMb5X
StqJYmaaAgDBdMhasGtOA4EMNHao3ifvAw5Rc68M3R4KX+IUGno2ug5h3JBIqTjp
9FpLx4cbn+UzhN+9LZ0VUUoR+J87vqRbz1+PAi8F62PWFy7GSe564F4ml3UOXFl9
oidawqJMPQw9zh00lVE5R79TLQvMjUlPaOtfzmzxFUYXMvU8/9rXBm/Grs4Xngli
BzpVwsQgvtHowig=
-----END CERTIFICATE-----
Response verify OK
0x73ff7b6e99e146f8674bdb72c65319e5f43a4085: revoked
This Update: Jun 9 22:50:29 2022 GMT
Next Update: Jun 16 22:50:29 2022 GMT
Reason: superseded
Revocation Time: May 27 23:26:27 2022 GMT
シリアルナンバーから問い合わせ
openssl ocsp -sha1 -no_nonce -CAfile [ルート証明書PEMファイル名.cer] -issuer [中間CA証明書PEMファイル名.cer] -serial [シリアルナンバー] -url [HTTPから始まるOCSPレスポンダーURL][シリアルナンバー]は、16進数表記の場合、以下のようになる。
0x73ff7b6e99e146f8674bdb72c65319e5f43a4085
help
openssl help
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dhparam
dsa dsaparam ec ecparam
enc engine errstr gendsa
genpkey genrsa help list
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand rehash
req rsa rsautl s_client
s_server s_time sess_id smime
speed spkac srp storeutl
ts verify version x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 gost md4
md5 mdc2 rmd160 sha1
sha224 sha256 sha3-224 sha3-256
sha3-384 sha3-512 sha384 sha512
sha512-224 sha512-256 shake128 shake256
sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
