certificate 证书

  1. Linux 系统中的证书位置

在 Linux 系统中,根证书和信任的证书通常存储在以下目录中:

  • 根证书存储路径

    • /etc/ssl/certs/
    • /usr/share/ca-certificates/(某些发行版)
    • /etc/pki/tls/certs/(某些发行版,如 RedHat/CentOS)

  • 管理证书

    • ca-certificates 软件包通常用于管理信任的根证书。
    • 使用 update-ca-certificates 命令来更新系统证书库。

  • 验证证书内容

    您可以通过 openssl 命令查看该证书的详细信息,确认它是否是 USERTrust RSA Certification Authority 根证书。运行以下命令:

    1
    openssl x509 -in USERTrust_RSA_Certification_Authority.pem -text -noout

    这将显示证书的详细信息,其中包括:

    • Issuer:应为 USERTrust RSA Certification Authority
    • Subject:通常会显示证书本身的标识信息。

  • 安装证书

    • .pem 格式的证书文件拷贝到 /usr/local/share/ca-certificates/ 目录,然后运行以下命令:

      1
      sudo update-ca-certificates

  1. macOS 系统中的证书位置

macOS 中,根证书存储在 钥匙串访问(Keychain Access)中。您可以通过 钥匙串访问 查看和管理根证书。

  • 证书存储位置

    • 系统钥匙串(System Keychain):存储系统信任的根证书。
    • 用户钥匙串(Login Keychain):存储用户自己添加或信任的证书。

  • 查看证书

    • 打开 钥匙串访问(Keychain Access),选择 系统根证书(System Roots),查看所有受信任的证书。

  • 安装证书

    • 将证书拖动到 钥匙串访问 中,或双击证书文件,系统会提示是否安装该证书。




openssl s_client

openssl s_client 命令的作用

openssl s_client 是一个用于测试和调试 SSL/TLS 连接的工具,它允许您与远程服务器建立 SSL/TLS 连接,并查看服务器返回的证书链、加密算法以及其他 SSL/TLS 协议信息。


命令的常用语法:

1
openssl s_client -connect <host>:<port> -showcerts
  • -connect <host>:<port>:指定要连接的远程服务器和端口(例如 api.push.apple.com:443)。
  • -showcerts:显示服务器返回的完整证书链。

openssl s_client 输出解读:

  • Certificate chain:显示服务器返回的证书链,包含服务器证书、中间证书和根证书。
  • SSL handshake:显示 SSL/TLS 握手过程中的详细信息。
  • Verification:显示证书验证结果,通常为 Verification: OK,表示证书验证成功。
  • Server certificate:显示服务器证书的详细信息,包括证书颁发者、有效期、主题等。
  • Cipher:显示所使用的加密算法。

示例:

1
openssl s_client -connect api.push.apple.com:443 -showcerts

此命令将连接到 api.push.apple.com 服务器的 443 端口(HTTPS),并显示其证书链。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
guowei.gong@GJVXWHGXQ1 ~ % openssl s_client -connect api.push.apple.com:443 -showcerts

Connecting to 17.188.180.78
CONNECTED(00000006)
depth=2 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
verify return:1
depth=1 CN=Apple Public Server RSA CA 12 - G1, O=Apple Inc., ST=California, C=US
verify return:1
depth=0 C=US, ST=California, O=Apple Inc., CN=api.push.apple.com
verify return:1
---
Certificate chain
 0 s:C=US, ST=California, O=Apple Inc., CN=api.push.apple.com
   i:CN=Apple Public Server RSA CA 12 - G1, O=Apple Inc., ST=California, C=US
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 19 16:31:31 2024 GMT; NotAfter: Apr 10 00:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIHqjCCBpKgAwIBAgIQKiA7SuAYHNdvnlNP26uvTDANBgkqhkiG9w0BAQsFADBk
MSswKQYDVQQDEyJBcHBsZSBQdWJsaWMgU2VydmVyIFJTQSBDQSAxMiAtIEcxMRMw
EQYDVQQKEwpBcHBsZSBJbmMuMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQswCQYDVQQG
EwJVUzAeFw0yNDA2MTkxNjMxMzFaFw0yNTA0MTAwMDAwMDBaMFQxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQKDApBcHBsZSBJbmMuMRsw
GQYDVQQDDBJhcGkucHVzaC5hcHBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdTItGsYBuFOd8MtrkwpLbUB0Oxt4vZFPEbuLzuNj0ZISbGfV7
Hbde6MUsSwe/Z9EqktYlayPvjwlqXdarBd1FuhJDz6S+KvI7Ib2pDqBAJc2yTesM
cd8NkAzgPDUEUPtfXjSQOG/NkkMS9lETbq+xijFVo67J31PpM2w7i7o7LPmDYslO
Ja94h6PSUNj6jvKXfBn7PDLuDPNkeGOmBabnmHO/7CIrMOI6nxdOPuE1tsZ2GrmC
GOFxHZXRVuSgkEeqtucMqEIerODJl2kCzzb/udem6cm2RW9KjvRDnVaMaK8xvLR8
95iCtvTCR9sMDalSTHPVQQztVBhsBXLV1hc9AgMBAAGjggRmMIIEYjAMBgNVHRMB
Af8EAjAAMB8GA1UdIwQYMBaAFB5cF5EFVwL8d1zjcEPsa/3d0thpMHgGCCsGAQUF
BwEBBGwwajAxBggrBgEFBQcwAoYlaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHNy
c2ExMmcxLmRlcjA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29j
c3AwMy1hcHNyc2ExMmcxMDEwgcoGA1UdEQSBwjCBv4ISYXBpLnB1c2guYXBwbGUu
Y29tghVtci1hcGkucHVzaC5hcHBsZS5jb22CGGFwaS1jYXJyeS5wdXNoLmFwcGxl
LmNvbYIVbXMtYXBpLnB1c2guYXBwbGUuY29tghVwdi1hcGkucHVzaC5hcHBsZS5j
b22CFWFwaS1jbi5wdXNoLmFwcGxlLmNvbYIVc3QtYXBpLnB1c2guYXBwbGUuY29t
ghxhcGktYnJvYWRjYXN0LnB1c2guYXBwbGUuY29tMGIGA1UdIARbMFkwSQYGZ4EM
AQICMD8wPQYIKwYBBQUHAgEWMWh0dHBzOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZp
Y2F0ZWF1dGhvcml0eS9wdWJsaWMwDAYKKoZIhvdjZAULBDATBgNVHSUEDDAKBggr
BgEFBQcDATA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLmFwcGxlLmNvbS9h
cHNyc2ExMmcxLmNybDAdBgNVHQ4EFgQU1ChZXxquxdC6SoKXhFmtc8t7llQwDgYD
VR0PAQH/BAQDAgWgMA8GCSqGSIb3Y2QGVgQCBQAwggH5BgorBgEEAdZ5AgQCBIIB
6QSCAeUB4wB3AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABkDFf
+coAAAQDAEgwRgIhAObiA+oBZXYO156kx74zGTaxDS4avyk6jYXtk9vHcujWAiEA
8keKJMIyXyIhMB4UFhEtRduzUL6ujSByT5uy7JirqaIAdgDM+w9qhXEJZf6Vm1PO
6bJ8IumFXA2XjbapflTA/kwNsAAAAZAxX/nBAAAEAwBHMEUCIQDkcmAG21vPbAJu
tpcff+8jo/VsVRMEc1Jgf1QOmXwlIwIgShPedMQXRAPnHQ+KhG5eWGnEf7m/PH7o
xhW5gjcnZi8AdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAZAx
X/oiAAAEAwBIMEYCIQDKpKC72rD2spVQtsNTCjpOEsqoJ7EhNiirziuxOblx5AIh
AOjQmwTFcqXyIQ3eOGeLHlsyJnbU7A6ggfku942tgm1qAHcATnWjJ1yaEMM4W2zU
3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGQMV/5rwAABAMASDBGAiEAscBazkEk2Wgt
6stYO3hoyEIS92P3evwIO2ttt4x4eGMCIQCMLK5TZTVQ0+V+lhMiTIR73P546FXe
AFYuxlI2EsStPDANBgkqhkiG9w0BAQsFAAOCAQEAoJhiEnrwyGZSzjn0FH+vnQY/
t7u6p75wY/W/7RJ0ed4fPywLYo7U4BnSVVHuM6Zfb4DRqZe8DQ4Nw2u1uMNUbJlU
6YQkg7j+URWNzkOJVc2cuSgsaCY3ECCXQmWQGbZmHLlGUTMw5rP24PJekCvweuNs
GY086vOrireKtvs62g0i33c3wMo0PsobT0RViH3vJGh0/qkUqsY8tV14y7AlmiHD
aAI4bLWP3VlbPdelu8idp+XnGXd/QEgkxfG9AwwFex5FmhCloky5v0WTvioC4kfy
SMqIuLsBnWgk+wKk2CRXK6Xa65rbPVXo3RR4OSDn7skPF7epAOtqATzFJeO3Mw==
-----END CERTIFICATE-----
 1 s:CN=Apple Public Server RSA CA 12 - G1, O=Apple Inc., ST=California, C=US
   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 19 00:00:00 2019 GMT; NotAfter: Dec  6 23:59:59 2028 GMT
-----BEGIN CERTIFICATE-----
MIIEkDCCA3igAwIBAgIQCuSPIwEwZEGSWeHCmumNGDANBgkqhkiG9w0BAQsFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDYxOTAwMDAwMFoXDTI4
MTIwNjIzNTk1OVowZDErMCkGA1UEAxMiQXBwbGUgUHVibGljIFNlcnZlciBSU0Eg
Q0EgMTIgLSBHMTETMBEGA1UEChMKQXBwbGUgSW5jLjETMBEGA1UECBMKQ2FsaWZv
cm5pYTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC9vhI3XrifeRWYC+x6U5sPCaYAPncBLBBsyQdt7ztiyROEG6fEKZG1tToZMES3
jtgqV+7RcBV9xX2jVeU+EwAnHkIpwoDWcte0gLfALL3hkVcwXJoJaojVF8mMHlJt
QYTr3FYkZ6FqALt/LFUxeis3/Zgtug7EoqBsZeF5g79lSZtZqcNLm+3NuvZUdAHB
GIzD++wVlOhy9IxahD/Z7eIkpuJTedYVpLmnX/fHq92gYoNHezlNN8vdILlsPV4k
IdrwTKso7II25Kha0/l3hx2xEBtUIQLMGxKF+fD9AjcYhSMqhTM5/2tyud4QJxIy
409Dj4OhNooHAxurBDHwV8ZlAgMBAAGjggElMIIBITAfBgNVHSMEGDAWgBSgEQoj
PpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUHlwXkQVXAvx3XONwQ+xr/d3S2Gkw
DgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAh
BgNVHSAEGjAYMAwGCiqGSIb3Y2QFCwQwCAYGZ4EMAQICMBIGA1UdEwEB/wQIMAYB
Af8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsG
AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQELBQAD
ggEBAGa7XPTd+1lgnT/dDf2agLAIIXpbTn6XtEGMq9jovXbK076zHlQSWapd6Zd/
p/uWydwuTbd+cobkUTFZhKGMkY0e8gXgI2s09kQ0EfotFUOdQ7qf1U+UM7JIEZmD
gsTn9vBLNwbtwH9t6cvYxH//VhWyL07pPkfTFBVqvAprGZ9MgraZD2S9qYu9usfS
vuH4lr4b3NuZ7mh3zOs4aD3Omgx30DU8DV82LikGN4/MF+uDOGgHtPv0ozlvPrFc
8bsE+lTnjP199w5X+kPtpzrkjYPNrGxTg4nhugo6y+GPOCl00S+T/794oTq/HFlj
6IoOvOR7UaKo39qnYwA6Fs0F0to=
-----END CERTIFICATE-----
---
Server certificate
subject=C=US, ST=California, O=Apple Inc., CN=api.push.apple.com
issuer=CN=Apple Public Server RSA CA 12 - G1, O=Apple Inc., ST=California, C=US
---
Acceptable client certificate CA names
C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
CN=Apple Worldwide Developer Relations Certification Authority, OU=G4, O=Apple Inc., C=US
CN=Apple Application Integration 2 Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US
CN=Apple Corporate Authentication CA 1, OU=Certification Authority, O=Apple Inc., C=US
C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority
CN=Apple Corporate Root CA, OU=Certification Authority, O=Apple Inc., C=US
C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Application Integration Certification Authority
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4564 bytes and written 439 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: C54814B61097CB6335B6AD6CCDEF4B3AAC14754BF85C03C056B33A188BD1D07B
    Session-ID-ctx: 
    Resumption PSK: A9674C3FDFF9E741D6345E090A4D12BACCED115D57AC1BE1797D1406702AE86D1D281E5D0F15AB10735F8F29A073FB4A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - a5 8e ee fe 44 9d 87 ef-96 ac 2e a9 eb 89 64 d2   ....D.........d.
    0010 - bf 89 51 78 47 dd f8 4f-40 e9 42 04 57 65 70 2b   ..QxG..O@.B.Wep+
    0020 - 19 bb ec 0c 8e 43 ed e8-20 b0 55 c9 1c ab d5 c2   .....C.. .U.....
    0030 - f3 00 56 81 b9 10 70 fe-98 84 47 b7 e5 f3 4b 8a   ..V...p...G...K.
    0040 - f3 e9 09 72 7c 53 c9 df-d7 3e 97 7b 50 eb 80 8d   ...r|S...>.{P...
    0050 - 94 05 43 15 2a 3f 86 3b-b8 aa 0e 2e fd a6 16 aa   ..C.*?.;........
    0060 - ba 2a d3 68 cd cc 52 af-07 1c 5a 55 d2 9d 7c 90   .*.h..R...ZU..|.
    0070 - 13 a0 8b db 4c 46 a6 77-cd b1 bc 04 80 e9 9d 04   ....LF.w........
    0080 - 1e b4 78 eb 13 28 43 af-9a 4d 89 8e 82 3f 97 a1   ..x..(C..M...?..
    0090 - 36 e5 29 af f3 52 ef 0e-db 20 5b bf 43 d8 82 8a   6.)..R... [.C...
    00a0 - 8f 00 c8 69 4f f4 c0 19-c8 81 4c 4d 10 3d 73 6c   ...iO.....LM.=sl

    Start Time: 1737430470
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 3733C569A0566154B52029C29BE0F7BF234BCA0F1BC90E8468CA3C6892FD7E0B
    Session-ID-ctx: 
    Resumption PSK: 0FE6D0700E5F948E1EB061CEB86C8B4F6ACA65EF778D8EDCCFB9D2148F5AEBD9780BDA752099A9503DD7E769D94E5B58
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - a5 8e ee fe 44 9d 87 ef-96 ac 2e a9 eb 89 64 d2   ....D.........d.
    0010 - 88 a5 e7 e8 f1 c4 65 1e-62 c5 c0 1d 75 ad a4 ba   ......e.b...u...
    0020 - 99 95 43 96 da 48 3b cd-48 c0 61 0e 89 e9 f3 5e   ..C..H;.H.a....^
    0030 - 9e d0 2c 20 18 69 4f a3-e2 88 26 86 be cc b3 35   .., .iO...&....5
    0040 - a5 d9 86 f1 d1 8c 48 9e-25 7e 37 09 6c e4 9b 51   ......H.%~7.l..Q
    0050 - a2 c3 37 44 0d df fe 8b-5d 9a 1b 46 58 06 6d 92   ..7D....]..FX.m.
    0060 - 10 a1 52 bb ed 58 ca d4-ac 8f 62 a8 f9 a5 31 66   ..R..X....b...1f
    0070 - a4 d4 df 46 7b f4 84 5b-f4 e3 32 f7 04 66 fd 0c   ...F{..[..2..f..
    0080 - 79 92 f3 d1 5d 11 3e 4b-f5 27 f8 28 9b 36 5f 30   y...].>K.'.(.6_0
    0090 - 19 ff 65 58 43 74 c7 2c-0c 35 47 38 ed fa 46 b4   ..eXCt.,.5G8..F.
    00a0 - 6a 52 81 6f 68 90 ae 5d-1e 28 8d 3d 91 94 cd 46   jR.oh..].(.=...F

    Start Time: 1737430470
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
@@
命令结果分析方法

执行 openssl s_client -connect api.push.apple.com:443 -showcerts 命令后,你会得到服务器的 SSL/TLS 连接详细信息以及证书链的输出。以下是如何解读该命令的结果:


  1. 连接信息

输出的开头部分会显示与服务器建立连接的情况,类似于:

1
CONNECTED(00000003)

这表示成功连接到目标主机的 443 端口(HTTPS 默认端口)。


  1. 证书链

接下来,命令会显示服务器证书以及中间证书的详细信息(如果有)。-showcerts 选项会打印出所有证书,包括服务器证书和任何中间证书。例如:

1
2
3
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEbH1ETjANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC...
-----END CERTIFICATE-----

每个证书段之间是 -----BEGIN CERTIFICATE----------END CERTIFICATE-----,它们表示证书的开始和结束。


  1. 证书的验证信息

每个证书都包含验证的层级。例如:

1
2
3
4
5
6
depth=2 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
verify return:1
depth=1 CN=Apple Public Server RSA CA 12 - G1, O=Apple Inc., ST=California, C=US
verify return:1
depth=0 C=US, ST=California, O=Apple Inc., CN=api.push.apple.com
verify return:1

这里的 depth 是证书链的层级(depth=0 是服务器证书,depth=1 是中间证书,depth=2 是根证书)。verify return:1 表示验证成功。


  1. SSL/TLS 握手

在连接建立之后,接下来会显示关于 SSL/TLS 握手的详细信息,类似于:

1
SSL handshake has read 4564 bytes and written 439 bytes

这部分显示了 SSL/TLS 握手中读写的字节数。


  1. 证书有效性验证

如果服务器的证书经过了正确的验证并且是可信的,输出会显示:

1
Verify return code: 0 (ok)

这意味着证书被成功验证,没有问题。如果验证失败,返回的错误码会更高,例如:

1
Verify return code: 18 (self signed certificate)

Verify return code: 18 表示证书是自签名证书,因此无法通过公共证书颁发机构的验证。


  1. 加密算法和密钥交换信息

输出中还会包含与加密算法、密钥交换算法相关的信息。例如:

1
Cipher    : TLS_AES_256_GCM_SHA384

这里的 Cipher 是当前会话使用的加密套件,表示加密通信的具体算法。


  1. 握手和证书验证通过
1
2
3
4
---
SSL handshake has read 4564 bytes and written 439 bytes
Verification: OK
---
  • SSL handshake has read 4564 bytes and written 439 bytes: 这表示在 SSL/TLS 握手过程中,客户端与服务器之间交换了数据。read 4564 bytes 表示客户端从服务器读取了 4564 字节的数据(包括证书和其他握手消息),written 439 bytes 表示客户端发送了 439 字节的数据(包括客户端的证书请求、加密参数等)。
  • Verification: OK: 这一行表示证书验证通过,即客户端成功验证了服务器的证书,包括验证证书的签名、有效期、颁发机构(CA)等信息。如果验证失败,这里会显示相关的错误信息或警告。

总结

  • CONNECTED:显示连接状态。
  • 证书链:显示服务器证书和中间证书。
  • 验证信息:证书的验证过程,查看是否通过验证。
  • SSL/TLS 握手:有关握手过程的字节数。
  • 证书验证代码:显示证书的验证结果。
  • 加密套件:显示当前使用的加密套件。

你可以通过这些信息来检查与服务器的 SSL/TLS 连接是否成功,以及证书的有效性。




SS

https://www.koogua.com/article/139