單純紀錄
TODO: 有空回來整理
Test FTP certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:21 -starttls ftp
|
Test POP3 certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:995
|
Test IMAP certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:993
|
Test SMTP SSL certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:465
|
Test SMTP TLS certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:587 -starttls smtp
|
Test HTTPS certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:443
|
Test DirectAdmin certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:2222
|
How to verify SSL certificates with SNI (Server Name Indication) using OpenSSL
Using SNI with OpenSSL is easy. Just add the -servername flag and you are good to go. Replace in the examples below mail.domain.com with the SNI name. Note: you can also use the SNI name to replace server.yourwebhoster.eu with.
Test FTP certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:21 -starttls ftp -servername mail.domain.com
|
Test POP3 certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:995 -servername mail.domain.com
|
Test IMAP certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:993 -servername mail.domain.com
|
Test SMTP SSL certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:465 -servername mail.domain.com
|
Test SMTP TLS certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:587 -starttls smtp -servername mail.domain.com
|
Test HTTPS certificate
1
|
openssl s_client -connect server.yourwebhoster.eu:443 -servername mail.domain.com
|
讀取網站憑證指紋
1
|
echo | openssl s_client -connect www.cgmh.org.tw:443 |& openssl x509 -fingerprint -noout
|
網站憑證鏈指紋
1
2
3
4
5
6
|
echo "" | openssl s_client -showcerts \
-connect saucelabs.com:443 2>&1 | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p;
/-END CERTIFICATE-/a\\x0' |\
sed -e '$ d' | xargs -0rl -I% sh -c "echo '%' | \
openssl x509 -fingerprint -noout -sha256 -subject"
|
參考sni - Different SHA1 fingerprint in browser and openssl - Stack Overflow
但根憑證好像算錯了?
sha1,sha256,md5
SHA-256
1
|
openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]
|
SHA-1
1
|
openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]
|
MD5
1
|
openssl x509 -noout -fingerprint -md5 -inform pem -in [certificate-file.crt]
|
How to view a certificate fingerprint as SHA-256, SHA-1 or MD5 using OpenSSL for RSA Authentication … - RSA Link - 4230
Certificate Decoder - Decode certificates to view their contents
SSL 相關的測試工具 – 軟體品管的專業思維
SSLScan - 瞭解網站是否安全的好用小工具
OpenSSL command cheatsheet