URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;echo; done; IFS=$OLDIFS
El resultado es este, certificado, SUBCA y CA
subject=CN = www.google.com issuer=C = US, O = Google Trust Services, CN = WR2 notBefore=Aug 12 07:19:41 2024 GMT notAfter=Nov 4 07:19:40 2024 GMT subject=C = US, O = Google Trust Services, CN = WR2 issuer=C = US, O = Google Trust Services LLC, CN = GTS Root R1 notBefore=Dec 13 09:00:00 2023 GMT notAfter=Feb 20 14:00:00 2029 GMT subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1 issuer=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA notBefore=Jun 19 00:00:42 2020 GMT notAfter=Jan 28 00:00:42 2028 GMT
El mismo comando pero guarda el certificado, la subCA y la CA en ficheros que se llaman como el CN del subject de cada certificado, subCA y CA
URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;fichero=`echo $certificate | openssl x509 -noout -subject|awk -F'CN = ' {'print $NF'}|sed 's/ /_/g'`; echo $certificate > ${fichero}.crt; done; IFS=$OLDIFS
En este caso creo los ficheros:
www.google.com.crt WR2.crt GTS_Root_R1.crt
Si probamos con www.elpais.es tiene 4 certificados
subject=CN = elpais.com issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M03 notBefore=Jul 18 00:00:00 2024 GMT notAfter=Aug 16 23:59:59 2025 GMT subject=C = US, O = Amazon, CN = Amazon RSA 2048 M03 issuer=C = US, O = Amazon, CN = Amazon Root CA 1 notBefore=Aug 23 22:26:04 2022 GMT notAfter=Aug 23 22:26:04 2030 GMT subject=C = US, O = Amazon, CN = Amazon Root CA 1 issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 notBefore=May 25 12:00:00 2015 GMT notAfter=Dec 31 01:00:00 2037 GMT subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 issuer=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority notBefore=Sep 2 00:00:00 2009 GMT notAfter=Jun 28 17:39:16 2034 GMT
elpais.com.crt Amazon_RSA_2048_M03.crt Amazon_Root_CA_1.crt Starfield_Services_Root_Certificate_Authority_-_G2.crt
Para importar un certificado en firefox:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/198841
Crear o generar Certificado autofirmado Creamos PeticiĆ³n:
openssl req -new -nodes -keyout www.lobo99.com.key -out www.lobo99.com.csr -subj "/C=ES/ST=Catalonia/L=Mataro/O=lobo99/CN=www.lobo99.com"
Firmamos el certificado:
openssl x509 -req -days 3650 -in www.lobo99.com.csr -signkey www.lobo99.com.key -out www.lobo99.com.crt