When checking various things such as certificates with curl, you can simply use the following command.
$ curl --insecure -v https://www.google.com
You can simply check the certificate status and check the expiration with the openssl command.
The openssl's s_client option has many features. -connect Dumps certificate status with a simple function.
$ openssl s_client -connect localhost: 443
Let's check the certificate of google.com by openssl as below.
$ echo | openssl s_client -connect www.google.com:443 2> / dev / null | openssl x509 -noout -dates
notBefore = Nov 29 09:47:51 2017 GMT
notAfter = Feb 21 09:37:00 2018 GMT
$ echo | openssl s_client -connect www.google.com:443 2> / dev / null | openssl x509 -noout -enddate
notAfter = Feb 21 09:37:00 2018 GMT
You can see the status of the certificate simply by using the command below:
$ openssl x509 -in ./your.crt -noout -text | more
$ openssl x509 -in ./your.crt -noout -dates
If you are using the s_client option, you can dump or extract certificates as shown below:
$ openssl s_client -connect www.google.com:443> cert
depth = 2 C = US, O = GeoTrust Inc., CN = GeoTrust Global
verify error: num = 20: unable to get local issuer certificate
verify return: 0
Typing quit in the above state will save it to the cert file.
Save the certificate as PEM with the following command
$ openssl x509 -inform PEM -in cert -text -out cert.crt
The stored PEM type certificate can be checked as below:
$ openssl x509 -in cert.crt -noout -text
댓글 없음:
댓글 쓰기