"SSL인증서 CN 확인"의 두 판 사이의 차이

(새 문서: ==방법== <source lang='console'> [root@zetawiki ~]# cat /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | head -----BEGIN CERTIFICATE----- MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w...)
 
잔글 (봇: 자동으로 텍스트 교체 (-== 참고 자료 == +==참고==))
 
(다른 사용자 한 명의 중간 판 19개는 보이지 않습니다)
1번째 줄: 1번째 줄:
==방법==
==개요==
;SSL인증서 CN 확인
;SSL인증서 일반명칭 확인
;인증서에서 Common Name 확인
* 로컬 인증서 파일
<source lang='bash'>
openssl x509 -noout -subject -in 파일명
openssl x509 -noout -subject -in 파일명 | sed -n '/^subject/s/^.*CN=//p'
</source>
* 원격서버 인증서
<source lang='bash'>
echo | openssl s_client -showcerts -connect 서버주소:443 2>/dev/null | sed -n '/^subject/s/^.*CN=//p'
echo | openssl s_client -showcerts -connect 서버주소:443 2>/dev/null | sed -n '/^issuer/s/^.*CN=//p'
</source>
 
==실행예시 (로컬파일)==
<source lang='console'>
<source lang='console'>
[root@zetawiki ~]# cat /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | head
[root@zetawiki ~]# cat /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | head
15번째 줄: 30번째 줄:
</source>
</source>
<source lang='console'>
<source lang='console'>
[root@zetawiki ~]# openssl x509 -noout -subject -in /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | sed -n '/^subject/s/^.*CN=//p'
[root@zetawiki ~]# openssl x509 -noout -subject -in /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | sed -n '/^subject/s/^.*CN=//p'
Entrust.net Secure Server Certification Authority
Entrust.net Secure Server Certification Authority
</source>
</source>
==실행예시 (원격서버)==
<source lang='console'>
root@zetawiki:~# echo | openssl s_client -showcerts -connect google.com:443 2>/dev/null | sed -n '/^subject/s/^.*CN=//p'
*.google.com
</source>
<source lang='console'>
root@zetawiki:~# echo | openssl s_client -showcerts -connect google.com:443 2>/dev/null | sed -n '/^issuer/s/^.*CN=//p'
Google Internet Authority G2
</source>
<source lang='console'>
root@zetawiki:~# echo | openssl s_client -showcerts -connect ko.wikipedia.org:443 2>/dev/null | sed -n '/^subject/s/^.*CN=//p'
*.wikipedia.org
</source>
<source lang='console'>
root@zetawiki:~# echo | openssl s_client -showcerts -connect ko.wikipedia.org:443 2>/dev/null | sed -n '/^issuer/s/^.*CN=//p'
GlobalSign Organization Validation CA - SHA256 - G2
</source>
==같이 보기==
* [[SSL인증서 주체 확인]]
* [[SSL인증서 만료일 확인]]
* [[주체대안명칭]]
* [[x509]]
* [[리눅스 openssl]]
==참고==
* http://unix.stackexchange.com/questions/103461/get-common-name-cn-from-ssl-certificate
* http://stackoverflow.com/questions/34622899/pdo-with-self-signed-certificates
[[분류: 인증서]]

2017년 6월 27일 (화) 13:58 기준 최신판

1 개요[ | ]

SSL인증서 CN 확인
SSL인증서 일반명칭 확인
인증서에서 Common Name 확인
  • 로컬 인증서 파일
openssl x509 -noout -subject -in 파일명
openssl x509 -noout -subject -in 파일명 | sed -n '/^subject/s/^.*CN=//p'
  • 원격서버 인증서
echo | openssl s_client -showcerts -connect 서버주소:443 2>/dev/null | sed -n '/^subject/s/^.*CN=//p'
echo | openssl s_client -showcerts -connect 서버주소:443 2>/dev/null | sed -n '/^issuer/s/^.*CN=//p'

2 실행예시 (로컬파일)[ | ]

[root@zetawiki ~]# cat /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | head
-----BEGIN CERTIFICATE-----
MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
... (생략)
W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
-----END CERTIFICATE-----
[root@zetawiki ~]# openssl x509 -noout -subject -in /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
subject= /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
[root@zetawiki ~]# openssl x509 -noout -subject -in /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem | sed -n '/^subject/s/^.*CN=//p'
Entrust.net Secure Server Certification Authority

3 실행예시 (원격서버)[ | ]

root@zetawiki:~# echo | openssl s_client -showcerts -connect google.com:443 2>/dev/null | sed -n '/^subject/s/^.*CN=//p'
*.google.com
root@zetawiki:~# echo | openssl s_client -showcerts -connect google.com:443 2>/dev/null | sed -n '/^issuer/s/^.*CN=//p'
Google Internet Authority G2
root@zetawiki:~# echo | openssl s_client -showcerts -connect ko.wikipedia.org:443 2>/dev/null | sed -n '/^subject/s/^.*CN=//p'
*.wikipedia.org
root@zetawiki:~# echo | openssl s_client -showcerts -connect ko.wikipedia.org:443 2>/dev/null | sed -n '/^issuer/s/^.*CN=//p'
GlobalSign Organization Validation CA - SHA256 - G2

4 같이 보기[ | ]

5 참고[ | ]

문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}