https://knowledge.pinon-hebert.fr/mediawiki/index.php?action=history&feed=atom&title=OpenSSL_extraire_un_certificat
OpenSSL extraire un certificat - Historique des versions
2026-05-19T11:23:07Z
Historique des versions pour cette page sur le wiki
MediaWiki 1.43.6
https://knowledge.pinon-hebert.fr/mediawiki/index.php?title=OpenSSL_extraire_un_certificat&diff=453&oldid=prev
Jpinon le 1 décembre 2023 à 14:11
2023-12-01T14:11:13Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="fr">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Version précédente</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version du 1 décembre 2023 à 14:11</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l63">Ligne 63 :</td>
<td colspan="2" class="diff-lineno">Ligne 63 :</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>echo | openssl s_client -servername knowledge.pinon-hebert.fr -connect knowledge.pinon-hebert.fr:443 2>/dev/null | openssl x509 -text</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>echo | openssl s_client -servername knowledge.pinon-hebert.fr -connect knowledge.pinon-hebert.fr:443 2>/dev/null | openssl x509 -text</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></syntaxhighlight>Qui nous donne le résultat en une seule ligne et sans fichier temporaire local.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></syntaxhighlight>Qui nous donne le résultat en une seule ligne et sans fichier temporaire local.</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Et ca marche pas qu'en https mais tout ce qui est en ssl/tls.</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">MQTT<syntaxhighlight lang="bash"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">echo | openssl s_client -servername test.mosquitto.org -connect test.mosquitto.org:8883 2> /dev/null | openssl x509 -text</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></syntaxhighlight>Nous donne le certificat du broker mosquitto de test.<syntaxhighlight lang="text"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> .....</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Issuer: C=GB, ST=United Kingdom, L=Derby, O=Mosquitto, OU=CA, CN=mosquitto.org/emailAddress=roger@atchoo.org</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Validity</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Not Before: Jun 9 11:21:56 2020 GMT</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Not After : Jun 6 11:21:56 2030 GMT</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Subject: C=GB, ST=United Kingdom, L=Derby, O=Mosquitto, OU=Public server, CN=test.mosquitto.org</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> .....</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></syntaxhighlight>Ils font des certificats autosignés qui durent 10 ans.</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">ET cette methode est valide pour tous les services sécurisés SSL/TLS.</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Même pour du ssh on a une réponse :<syntaxhighlight lang="bash"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">openssl s_client -servername localhost -connect localhost:22</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></syntaxhighlight>Marche très bien et nous dit que c'est bien du SSL sans certificat.<syntaxhighlight lang="text"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">---</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">no peer certificate available</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">---</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">No client certificate CA names sent</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">---</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">SSL handshake has read 7 bytes and written 307 bytes</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">---</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">New, (NONE), Cipher is (NONE)</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></syntaxhighlight></ins></div></td></tr>
<!-- diff cache key knowledge:diff:1.41:old-452:rev-453:php=table -->
</table>
Jpinon
https://knowledge.pinon-hebert.fr/mediawiki/index.php?title=OpenSSL_extraire_un_certificat&diff=452&oldid=prev
Jpinon : Page créée avec « On voudrait connaitre le certificat d'un serveur en production quelque part mais nous n'y avons pas accès autrement que comme n'importe quel client. Cela marche pour n'importe quelle connexion tls (ssl) que ce soit un simple serveur web ou un serveur MQTTs ftps etc... Pour explorer le certificat en place sur le présent wiki:<syntaxhighlight lang="bash"> openssl s_client -servername knowledge.pinon-hebert.fr -connect knowledge.pinon-hebert.fr:443 2> /dev/nul <... »
2023-12-01T13:49:05Z
<p>Page créée avec « On voudrait connaitre le certificat d'un serveur en production quelque part mais nous n'y avons pas accès autrement que comme n'importe quel client. Cela marche pour n'importe quelle connexion tls (ssl) que ce soit un simple serveur web ou un serveur MQTTs ftps etc... Pour explorer le certificat en place sur le présent wiki:<syntaxhighlight lang="bash"> openssl s_client -servername knowledge.pinon-hebert.fr -connect knowledge.pinon-hebert.fr:443 2> /dev/nul <... »</p>
<p><b>Nouvelle page</b></p><div>On voudrait connaitre le certificat d'un serveur en production quelque part mais nous n'y avons pas accès autrement que comme n'importe quel client.<br />
<br />
Cela marche pour n'importe quelle connexion tls (ssl) que ce soit un simple serveur web ou un serveur MQTTs ftps etc...<br />
<br />
Pour explorer le certificat en place sur le présent wiki:<syntaxhighlight lang="bash"><br />
openssl s_client -servername knowledge.pinon-hebert.fr -connect knowledge.pinon-hebert.fr:443 2> /dev/nul<br />
</syntaxhighlight>Nous donne beaucoup de choses dont :<br />
<br />
La chaine de certification:<syntaxhighlight lang="text"><br />
---<br />
Certificate chain<br />
0 s:/CN=knowledge.pinon-hebert.fr<br />
i:/C=US/O=Let's Encrypt/CN=R3<br />
1 s:/C=US/O=Let's Encrypt/CN=R3<br />
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1<br />
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1<br />
i:/O=Digital Signature Trust Co./CN=DST Root CA X3<br />
---<br />
<br />
</syntaxhighlight>Oui je suis radin j'utilise let's encrypt.<br />
<br />
Le certificat lui même:<syntaxhighlight lang="pem"><br />
-----BEGIN CERTIFICATE-----<br />
MIIE/zCCA+egAwIBAgISBDQpc+0xb1u31bGiAHV2kTeAMA0GCSqGSIb3DQEBCwUA<br />
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD<br />
EwJSMzAeFw0yMzEwMDYxMzU4MThaFw0yNDAxMDQxMzU4MTdaMCQxIjAgBgNVBAMT<br />
GWtub3dsZWRnZS5waW5vbi1oZWJlcnQuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IB<br />
DwAwggEKAoIBAQDHWr5U7mcSQY+RhcxKLZhzt/AMo3xtvEvJPhfZnjgDLNEEg1Hm<br />
JCXWdeG5l94H2LIbczYE5YodZKqk6ygb0Wta6daOtD0yhqx9790HnBMv242saKfv<br />
v5NTTaQX5LKzJblwmukr4lpzMdNncQwXtk+rgY38YFS2wdKTNQw8nq9GDH24iFlB<br />
KzhS3V/2YD4nsTK783kxR6VHWx/hBXPlQiLDkXyi7IxwzfcIjYNbko5omsq41d6j<br />
BHbH2xDx4AlNk09tBTIkCQTnflVWVbor8BbDOZc1Y1m1hUQ6aZbhYz+iMfk6F0ck<br />
wy4wfcPVlpBI5vX6Id98DH8G2xEmwBQkQCt7AgMBAAGjggIbMIICFzAOBgNVHQ8B<br />
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB<br />
/wQCMAAwHQYDVR0OBBYEFMYN8/BW/lA7SKDKCna47ntiBgDgMB8GA1UdIwQYMBaA<br />
FBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcw<br />
AYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMu<br />
aS5sZW5jci5vcmcvMCQGA1UdEQQdMBuCGWtub3dsZWRnZS5waW5vbi1oZWJlcnQu<br />
ZnIwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAA<br />
dgA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAYsFfxxCAAAEAwBH<br />
MEUCIQCggjLkLR+7zHUCZsXfsxuOHNfX49h29yRjaQ/LQAb4KgIgHxu2qMLvWenp<br />
EmvGQd5x0KDrXuLkq+afOFjfnmkoMz4AdgDuzdBk1dsazsVct520zROiModGfLzs<br />
3sNRSFlGcR+1mwAAAYsFfxx4AAAEAwBHMEUCICelplLG6uWfj5LXjCjf+boGrieh<br />
A4d6vPYJgg2awJkDAiEA1Wu5pO/YPqxzsLvK1iIcZi2k4JIchIB8SeXyhtuXBqww<br />
DQYJKoZIhvcNAQELBQADggEBACASzcuPrgDSd2g1LCWdMlojreg+wI8JfzhHQ5z1<br />
28HQEY4hIJ1eetPH5m71QHVwLwys7oiRA4mNp+G2TE95z+rLht2CTtjofj1RJq9S<br />
nXy+dCu/XrYcS9wtdCCAOVkf37WqKVeo8hEH0jAbT/u/yPCjKgsryosfPoq0+TCW<br />
gUwgpZbt145P8/OZzHQoKEumGr3bUzEiUprrfetWv4Hxl7ucsGkV6dLrV69emzeN<br />
CjvEV2QS1MrUUlUdGoyOqkeCFyQdGOxTmy7JlLzsMmdxtxDDJLYD3nsNa/D7dVtD<br />
Q5L3pbZLd+pOuawncFzvUXiyDX7YSankyvSDK+scezFfM58=<br />
-----END CERTIFICATE-----<br />
<br />
</syntaxhighlight>Pour décoder ce certificat on utilise toujours openssl. Supposons que le certificat soit dans un fichier:<syntaxhighlight lang="bash"><br />
cat cert.der | openssl x509 -text<br />
</syntaxhighlight>Qui, entre autre nous donne les infos de validité:<syntaxhighlight lang="text"><br />
Issuer: C=US, O=Let's Encrypt, CN=R3<br />
Validity<br />
Not Before: Oct 6 13:58:18 2023 GMT<br />
Not After : Jan 4 13:58:17 2024 GMT<br />
Subject: CN=knowledge.pinon-hebert.fr<br />
<br />
</syntaxhighlight>On peut même tout inclure dans la même ligne :<syntaxhighlight lang="bash"><br />
echo | openssl s_client -servername knowledge.pinon-hebert.fr -connect knowledge.pinon-hebert.fr:443 2>/dev/null | openssl x509 -text<br />
</syntaxhighlight>Qui nous donne le résultat en une seule ligne et sans fichier temporaire local.</div>
Jpinon