How to get the Common Name (CN) from an SSL certificate using the openssl command
Date: 2020-01-09 10:42:55 Source: igfitidea
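I have configured and installed a TLS/SSL certificate in the /etc/ssl/ directory on a Linux server.
How can I find the Common Name (CN) in the certificate using Linux or Unix command-line options?
Yes, you can use the openssl command itself to find and extract the Common Name (CN) from a certificate.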
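What is the Common Name?
The Common Name (CN) is the computer/server name associated with your SSL certificate.
For example, www.theitroad.local, theitroad.local, or *.theitroad.local is the CN for this website.
The CN usually indicates the host/server/name protected by the SSL certificate.
Your SSL certificate is valid only if the hostname matches the CN.
Your browser can display the CN:
[Figure: example of a matching hostname and CN, shown with a green icon]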
How do I get the Common Name (CN) from an SSL certificate?
The syntax is:
openssl x509 -noout -subject -in your-file.pem
openssl x509 -noout -subject -in example.com.cer
openssl x509 -noout -subject -in /etc/ssl/example.com.cer
For example:
$ openssl x509 -noout -subject -in /etc/ssl/glusterfs.pem
Sample output:
subject= /CN=gfs01
Another example:
$ openssl x509 -noout -subject -in /etc/ssl/theitroad.local.crt
Sample output:
subject= /CN=www.theitroad.local
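The layout of the subject line depends on the OpenSSL release: older builds print `subject= /CN=gfs01` as shown above, while newer builds print `subject=CN = gfs01`, so a script should not rely on one form. The following is an added example, not part of the original article, that extracts the CN from either layout; the function names extract_cn and cert_cn and the sample subject lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract the CN from the "subject=" line printed by
#   openssl x509 -noout -subject -in FILE
# Handles the legacy layout shown on this page (subject= /CN=gfs01) and the
# comma-separated layout of newer OpenSSL builds (subject=CN = gfs01).
# Limitation: a CN value that itself contains "/" or "," is not handled.

# extract_cn LINE -> prints the first CN value; returns 1 if there is none.
extract_cn() {
    printf '%s\n' "$1" | awk '
    {
        sub(/^subject= */, "")                 # drop the label
        # Legacy output starts with "/" and separates RDNs with "/".
        sep = (substr($0, 1, 1) == "/") ? "/" : ", *"
        n = split($0, rdn, sep)
        for (i = 1; i <= n; i++) {
            if (rdn[i] ~ /^CN *= */) {
                sub(/^CN *= */, "", rdn[i])    # keep only the value
                print rdn[i]
                found = 1
                exit
            }
        }
    }
    END { exit(found ? 0 : 1) }'
}

# cert_cn FILE -> CN of a PEM certificate (requires the openssl binary).
cert_cn() {
    extract_cn "$(openssl x509 -noout -subject -in "$1")"
}

# Demo on constructed subject lines (not taken from real certificates).
for line in \
    'subject= /CN=gfs01' \
    'subject=CN = gfs01' \
    'subject=C = US, O = Example Org, CN = www.example.com'
do
    printf '%-55s -> %s\n' "$line" "$(extract_cn "$line")"
done

# With a certificate path as the first argument, query the file itself.
if [ -n "${1:-}" ]; then cert_cn "$1"; fi
```

Modern TLS clients validate the hostname against the certificate's subjectAltName entries rather than the CN, so inspect those as well, for example with `openssl x509 -noout -ext subjectAltName -in FILE` on OpenSSL 1.1.1 or later.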
The certtool command
On Debian or Ubuntu Linux, you can install certtool from the gnutls-bin package.
Run the following apt-get/apt command:
$ sudo apt install gnutls-bin
Sample output:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libopts25
The following NEW packages will be installed:
  gnutls-bin libopts25
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 250 kB of archives.
After this operation, 990 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.linode.com/ubuntu xenial/main amd64 libopts25 amd64 1:5.18.7-3 [57.8 kB]
Get:2 http://mirrors.linode.com/ubuntu xenial-updates/universe amd64 gnutls-bin amd64 3.4.10-4ubuntu1.2 [192 kB]
Fetched 250 kB in 0s (14.3 MB/s)
Selecting previously unselected package libopts25:amd64.
(Reading database ... 34082 files and directories currently installed.)
Preparing to unpack .../libopts25_1%3a5.18.7-3_amd64.deb ...
Unpacking libopts25:amd64 (1:5.18.7-3) ...
Selecting previously unselected package gnutls-bin.
Preparing to unpack .../gnutls-bin_3.4.10-4ubuntu1.2_amd64.deb ...
Unpacking gnutls-bin (3.4.10-4ubuntu1.2) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libopts25:amd64 (1:5.18.7-3) ...
Setting up gnutls-bin (3.4.10-4ubuntu1.2) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Now run the command as follows:
$ certtool -i < your-file.pem
$ certtool -i < /etc/ssl/theitroad.local.crt | more
Sample output:
X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 03bb567f2ab8cd904f4168e159115389351b
    Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
    Validity:
        Not Before: Sat Mar 04 23:01:00 UTC 2016
        Not After: Fri Jun 02 23:01:00 UTC 2016
    Subject: CN=www.theitroad.local
    Subject Public Key Algorithm: RSA
    Algorithm Security Level: High (4096 bits)
.....
..
..
That is how you can find the Common Name (CN) of an SSL certificate using either the openssl or the certtool command.