メンテナンス・トラブルシュート - SSL 無料証明書(Let's Encrypt) - 証明書の内容を確認

1.　概要

2.　コマンドで確認

1.　概要

　証明書の内容を確認するときは、クライアントマシンで読みこんだものを、ブラウザなり、メールクライアントなりで表示させていたのですが・・・。

　「SSL 証明書の内容を openssl で確認する - Qiita」を読んで、サーバ側でコマンドから確認できることがわかりました。

2.　コマンドで確認

　単に期限を見るだけの場合


$ openssl x509 -noout -dates -in /パス/cert.pem
notBefore=Jan 15 14:10:51 2019 GMT
notAfter=Apr 15 14:10:51 2019 GMT


　全内容を確認する場合は


$ openssl x509 -text -noout -in /パス/cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e8:9b:18:a2:f1:81:fc:5c:57:b5:6d:d1:bd:d8:36:c5:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Jan 15 14:10:51 2019 GMT
            Not After : Apr 15 14:10:51 2019 GMT
        Subject: CN=ns.sing.ne.jp
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:a6:34:4a:f2:eb:8a:2b:44:be:ad:6e:84:
・・・	略	・・・
                    a4:32:61:b1:12:10:4f:b1:fc:a2:fb:34:72:06:76:
                    64:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                86:90:1A:A9:A7:E6:5E:F5:7F:98:9D:1F:00:80:8E:34:5E:C5:05:22
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:ns.sing.ne.jp
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:
                                3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
                    Timestamp : Jan 15 15:10:52.477 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1C:31:6F:96:9B:9F:C7:85:CC:F6:C1:C4:
・・・	略	・・・
                                83:45:FF:7E:37:8B
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Jan 15 15:10:52.068 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C5:BC:4E:AD:0D:B8:E8:0D:8F:3C:41:
・・・	略	・・・
                                C7:AE:C0:30:01:E7:BE:D6
    Signature Algorithm: sha256WithRSAEncryption
         51:b1:9e:08:38:ce:cd:e5:b9:3c:67:91:7f:88:de:74:3e:5e:
・・・	略	・・・
         03:1c:b8:ae:65:d7:e3:49:83:9b:c6:37:cc:99:e7:79:da:34:
         62:0e:27:63