Differences

This shows you the differences between two versions of the page.

--- informatica:linux:certificados [2019/10/01 16:29] – jose
+++ informatica:linux:certificados [2024/09/19 13:52] (current) – [Grabar certificado, subCA y CA] jose
@@ Line 1: / Line 1: @@
+====== Listar certificado y ver fecha y issuer ======
+  URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;echo; done; IFS=$OLDIFS
+El resultado es este, certificado, SUBCA y CA
+<code>
+subject=CN = www.google.com
+issuer=C = US, O = Google Trust Services, CN = WR2
+notBefore=Aug 12 07:19:41 2024 GMT
+notAfter=Nov  4 07:19:40 2024 GMT
+subject=C = US, O = Google Trust Services, CN = WR2
+issuer=C = US, O = Google Trust Services LLC, CN = GTS Root R1
+notBefore=Dec 13 09:00:00 2023 GMT
+notAfter=Feb 20 14:00:00 2029 GMT
+subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
+issuer=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
+notBefore=Jun 19 00:00:42 2020 GMT
+notAfter=Jan 28 00:00:42 2028 GMT
+</code>
+====== Grabar certificado, subCA y CA ======
+El mismo comando pero guarda el certificado, la subCA y la CA en ficheros que se llaman como el CN del subject de cada certificado, subCA y CA
+  URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;fichero=`echo $certificate | openssl x509 -noout -subject|awk -F'CN = ' {'print $NF'}|sed 's/ /_/g'`; echo $certificate > ${fichero}.crt; done; IFS=$OLDIFS
+En este caso creo los ficheros:
+  www.google.com.crt
+  WR2.crt
+  GTS_Root_R1.crt
+Si probamos con www.elpais.es tiene 4 certificados
+<code>
+subject=CN = elpais.com
+issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M03
+notBefore=Jul 18 00:00:00 2024 GMT
+notAfter=Aug 16 23:59:59 2025 GMT
+subject=C = US, O = Amazon, CN = Amazon RSA 2048 M03
+issuer=C = US, O = Amazon, CN = Amazon Root CA 1
+notBefore=Aug 23 22:26:04 2022 GMT
+notAfter=Aug 23 22:26:04 2030 GMT
+subject=C = US, O = Amazon, CN = Amazon Root CA 1
+issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
+notBefore=May 25 12:00:00 2015 GMT
+notAfter=Dec 31 01:00:00 2037 GMT
+subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
+issuer=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
+notBefore=Sep  2 00:00:00 2009 GMT
+notAfter=Jun 28 17:39:16 2034 GMT
+</code>
+<code>
+elpais.com.crt
+Amazon_RSA_2048_M03.crt
+Amazon_Root_CA_1.crt
+Starfield_Services_Root_Certificate_Authority_-_G2.crt
+</code>
+====== Firefox ======
 Para importar un certificado en firefox:
   https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/198841
@@ Line 5: / Line 67: @@
 Crear o generar Certificado autofirmado
 Creamos Petición:
-  openssl req -new -nodes -keyout www.lobo99.com.key -out www.lobo99.com.csr -subj "/C=CAT/ST=Catalonia/L=Mataro/O=lobo99/CN=www.lobo99.com"
+  openssl req -new -nodes -keyout www.lobo99.com.key -out www.lobo99.com.csr -subj "/C=ES/ST=Catalonia/L=Mataro/O=lobo99/CN=www.lobo99.com"
 Firmamos el certificado:
   openssl x509 -req -days 3650 -in www.lobo99.com.csr -signkey www.lobo99.com.key -out www.lobo99.com.crt