We will use the openssl command to check an SSL certificate, both in a file and on a website.
We start with the certificate served by a website. Check it like this (replace nazwa_domeny.pl with your domain name):
openssl s_client -connect nazwa_domeny.pl:443 -servername nazwa_domeny.pl
Sample output:
$ openssl s_client -connect linuxsystems.ovh:443 -servername linuxsystems.ovh
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
verify return:1
depth=0 CN = linuxsystems.ovh
verify return:1
---
Certificate chain
0 s:CN = linuxsystems.ovh
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 24 02:03:19 2023 GMT; NotAfter: Sep 22 02:03:18 2023 GMT
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
...output_continues...
---
If we have a file, e.g. cert.crt, we can check the certificate with the command:
openssl x509 -in cert.crt -text -noout
Sample output for an already expired wildcard certificate for linuxsystems.ovh, generated with Let's Encrypt:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:9b:1d:d8:5e:58:8b:f7:e0:2f:b7:35:bf:2f:01:30:1a:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Jan 19 12:26:07 2020 GMT
Not After : Apr 18 12:26:07 2020 GMT
Subject: CN=linuxsystems.ovh
...output_continues...
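Both checks above end with reading the validity dates by eye. The script below is an added example, not part of the original article: it turns that reading into a scripted expiry check with `openssl x509 -checkend`, and shows how to save the certificate returned by `s_client` to a file. The function names, the `example.test` subject and the 30-day sample certificate are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article).

# Constructed sample: self-signed cert for CN=example.test, valid 30 days.
make_sample_cert() {  # usage: make_sample_cert CERT_OUT KEY_OUT
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=example.test" -keyout "$2" -out "$1" >/dev/null 2>&1
}

# Save the leaf certificate a server presents (the article's s_client call).
fetch_cert() {  # usage: fetch_cert HOST CERT_OUT
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}

# Print only the fields needed to judge validity.
cert_summary() {  # usage: cert_summary CERT
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

# Print invalid | expired | expiring | ok for a PEM certificate.
cert_status() {  # usage: cert_status CERT WARN_DAYS
    # An unreadable or non-PEM file must not be reported as "expired".
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo invalid
        return 2
    fi
    warn_secs=$(( $2 * 86400 ))
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# Demo on the constructed certificate; runs offline.
tmpdir=$(mktemp -d)
make_sample_cert "$tmpdir/cert.crt" "$tmpdir/key.pem"
cert_summary "$tmpdir/cert.crt"
echo "7-day threshold:  $(cert_status "$tmpdir/cert.crt" 7)"
echo "60-day threshold: $(cert_status "$tmpdir/cert.crt" 60)"
rm -rf "$tmpdir"
```

For a live site, run `fetch_cert` with the host name and an output path first, then pass that file to `cert_status`.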