メンテナンス・トラブルシュート - SSL 無料証明書(Let's Encrypt) - 証明書の内容を確認
1. 概要 証明書の内容を確認するときは、クライアントマシンで読みこんだものを、ブラウザなり、メールクライアントなりで表示させていたのですが・・・。 「SSL 証明書の内容を openssl で確認する - Qiita」を読んで、サーバ側でコマンドから確認できることがわかりました。 2. コマンドで確認 単に期限を見るだけの場合 $ openssl x509 -noout -dates -in /パス/cert.pem notBefore=Jan 15 14:10:51 2019 GMT notAfter=Apr 15 14:10:51 2019 GMT 全内容を確認する場合は $ openssl x509 -text -noout -in /パス/cert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 03:e8:9b:18:a2:f1:81:fc:5c:57:b5:6d:d1:bd:d8:36:c5:ec Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Validity Not Before: Jan 15 14:10:51 2019 GMT Not After : Apr 15 14:10:51 2019 GMT Subject: CN=ns.sing.ne.jp Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:aa:07:a6:34:4a:f2:eb:8a:2b:44:be:ad:6e:84: ・・・ 略 ・・・ a4:32:61:b1:12:10:4f:b1:fc:a2:fb:34:72:06:76: 64:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 86:90:1A:A9:A7:E6:5E:F5:7F:98:9D:1F:00:80:8E:34:5E:C5:05:22 X509v3 Authority Key Identifier: keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 Authority Information Access: OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/ X509v3 Subject Alternative Name: DNS:ns.sing.ne.jp X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1(0) Log ID : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4: 3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE Timestamp : Jan 15 15:10:52.477 2019 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:1C:31:6F:96:9B:9F:C7:85:CC:F6:C1:C4: ・・・ 略 ・・・ 83:45:FF:7E:37:8B Signed Certificate Timestamp: Version : v1(0) Log ID : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7: 6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78 Timestamp : Jan 15 15:10:52.068 2019 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C5:BC:4E:AD:0D:B8:E8:0D:8F:3C:41: ・・・ 略 ・・・ C7:AE:C0:30:01:E7:BE:D6 Signature Algorithm: sha256WithRSAEncryption 51:b1:9e:08:38:ce:cd:e5:b9:3c:67:91:7f:88:de:74:3e:5e: ・・・ 略 ・・・ 03:1c:b8:ae:65:d7:e3:49:83:9b:c6:37:cc:99:e7:79:da:34: 62:0e:27:63
$ openssl x509 -noout -dates -in /パス/cert.pem notBefore=Jan 15 14:10:51 2019 GMT notAfter=Apr 15 14:10:51 2019 GMT
$ openssl x509 -text -noout -in /パス/cert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 03:e8:9b:18:a2:f1:81:fc:5c:57:b5:6d:d1:bd:d8:36:c5:ec Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Validity Not Before: Jan 15 14:10:51 2019 GMT Not After : Apr 15 14:10:51 2019 GMT Subject: CN=ns.sing.ne.jp Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:aa:07:a6:34:4a:f2:eb:8a:2b:44:be:ad:6e:84: ・・・ 略 ・・・ a4:32:61:b1:12:10:4f:b1:fc:a2:fb:34:72:06:76: 64:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 86:90:1A:A9:A7:E6:5E:F5:7F:98:9D:1F:00:80:8E:34:5E:C5:05:22 X509v3 Authority Key Identifier: keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 Authority Information Access: OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/ X509v3 Subject Alternative Name: DNS:ns.sing.ne.jp X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1(0) Log ID : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4: 3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE Timestamp : Jan 15 15:10:52.477 2019 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:1C:31:6F:96:9B:9F:C7:85:CC:F6:C1:C4: ・・・ 略 ・・・ 83:45:FF:7E:37:8B Signed Certificate Timestamp: Version : v1(0) Log ID : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7: 6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78 Timestamp : Jan 15 15:10:52.068 2019 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C5:BC:4E:AD:0D:B8:E8:0D:8F:3C:41: ・・・ 略 ・・・ C7:AE:C0:30:01:E7:BE:D6 Signature Algorithm: sha256WithRSAEncryption 51:b1:9e:08:38:ce:cd:e5:b9:3c:67:91:7f:88:de:74:3e:5e: ・・・ 略 ・・・ 03:1c:b8:ae:65:d7:e3:49:83:9b:c6:37:cc:99:e7:79:da:34: 62:0e:27:63
