Differences

This shows you the differences between two versions of the page.

--- informatica:linux:certificados [2024/09/19 13:36] – jose
+++ informatica:linux:certificados [2024/09/19 13:52] (current) – [Grabar certificado, subCA y CA] jose
@@ Line 1: / Line 1: @@
 ====== Listar certificado y ver fecha y issuer ======
-  URL=google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;echo; done; IFS=$OLDIFS
+  URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;echo; done; IFS=$OLDIFS
 El resultado es este, certificado, SUBCA y CA
 <code>
-subject=CN = *.google.com
+subject=CN = www.google.com
 issuer=C = US, O = Google Trust Services, CN = WR2
-notBefore=Aug 12 06:33:49 2024 GMT
+notBefore=Aug 12 07:19:41 2024 GMT
-notAfter=Nov  4 06:33:48 2024 GMT
+notAfter=Nov  4 07:19:40 2024 GMT
 subject=C = US, O = Google Trust Services, CN = WR2
@@ Line 14: / Line 13: @@
 notBefore=Dec 13 09:00:00 2023 GMT
 notAfter=Feb 20 14:00:00 2029 GMT
 subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
@@ Line 20: / Line 18: @@
 notBefore=Jun 19 00:00:42 2020 GMT
 notAfter=Jan 28 00:00:42 2028 GMT
 </code>
@@ Line 26: / Line 23: @@
 ====== Grabar certificado, subCA y CA ======
 El mismo comando pero guarda el certificado, la subCA y la CA en ficheros que se llaman como el CN del subject de cada certificado, subCA y CA
-  URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;fichero=`echo $certificate | openssl x509 -noout -subject|awk {'print $NF'}`; echo $certificate > ${fichero}.crt; done; IFS=$OLDIFS
+  URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;fichero=`echo $certificate | openssl x509 -noout -subject|awk -F'CN = ' {'print $NF'}|sed 's/ /_/g'`; echo $certificate > ${fichero}.crt; done; IFS=$OLDIFS
+En este caso creo los ficheros:
+  www.google.com.crt
+  WR2.crt
+  GTS_Root_R1.crt
+Si probamos con www.elpais.es tiene 4 certificados
+<code>
+subject=CN = elpais.com
+issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M03
+notBefore=Jul 18 00:00:00 2024 GMT
+notAfter=Aug 16 23:59:59 2025 GMT
+subject=C = US, O = Amazon, CN = Amazon RSA 2048 M03
+issuer=C = US, O = Amazon, CN = Amazon Root CA 1
+notBefore=Aug 23 22:26:04 2022 GMT
+notAfter=Aug 23 22:26:04 2030 GMT
+subject=C = US, O = Amazon, CN = Amazon Root CA 1
+issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
+notBefore=May 25 12:00:00 2015 GMT
+notAfter=Dec 31 01:00:00 2037 GMT
+subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
+issuer=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
+notBefore=Sep  2 00:00:00 2009 GMT
+notAfter=Jun 28 17:39:16 2034 GMT
+</code>
+<code>
+elpais.com.crt
+Amazon_RSA_2048_M03.crt
+Amazon_Root_CA_1.crt
+Starfield_Services_Root_Certificate_Authority_-_G2.crt
+</code>
 ====== Firefox ======
 Para importar un certificado en firefox: