ssl证书相关

最新推荐文章于 2022-05-18 16:45:43 发布
最新推荐文章于 2022-05-18 16:45:43 发布
阅读量851 收藏
点赞数
文章标签: python
原文链接:https://my.oschina.net/u/853533/blog/215613
版权

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /ST=\x00B\x00e\x00i\x00j\x00i\x00n\x00g/CN=\x00a\x00p\x00p\x00t\x00e\x00
s\x00t\x00n\x00s\x00f\x00o\x00c\x00u\x00s\x00.\x00c\x00n\x00p\x00c/serialNumber=
\x00S\x000\x000\x000\x000\x000\x000\x007\x006\x002
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /ST=\x00B\x00e\x00i\x00j\x00i\x00n\x00g/CN=\x00a\x00p\x00p\x00t\x00e\x00
s\x00t\x00n\x00s\x00f\x00o\x00c\x00u\x00s\x00.\x00c\x00n\x00p\x00c/serialNumber=
\x00S\x000\x000\x000\x000\x000\x000\x007\x006\x002
verify error:num=27:certificate not trusted
verify return:1
depth=0 /ST=\x00B\x00e\x00i\x00j\x00i\x00n\x00g/CN=\x00a\x00p\x00p\x00t\x00e\x00
s\x00t\x00n\x00s\x00f\x00o\x00c\x00u\x00s\x00.\x00c\x00n\x00p\x00c/serialNumber=
\x00S\x000\x000\x000\x000\x000\x000\x007\x006\x002
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/ST=\x00B\x00e\x00i\x00j\x00i\x00n\x00g/CN=\x00a\x00p\x00p\x00t\x00e\x00s\x
00t\x00n\x00s\x00f\x00o\x00c\x00u\x00s\x00.\x00c\x00n\x00p\x00c/serialNumber=\x0
0S\x000\x000\x000\x000\x000\x000\x007\x006\x002
   i:/CN=N-V\xFDw\xF3l\xB9\x8B\xA4\x8B\xC1N-_\xC3\x00(\x00T\x00E\x00S\x00T\x00)/
serialNumber=\x00S\x001\x000\x001
-----BEGIN CERTIFICATE-----
MIIDZTCCAs6gAwIBAgICTUkwDQYJKoZIhvcNAQEFBQAwOjElMCMGA1UEAx4cTi1W
/XfzbLmLpIvBTi1fwwAoAFQARQBTAFQAKTERMA8GA1UEBR4IAFMAMQAwADEwIhgP
MjAxNDA0MDIwMDAwMDBaGA8yMDIzMDUyMTAwMDAwMFowaTEXMBUGA1UECB4OAEIA
ZQBpAGoAaQBuAGcxLzAtBgNVBAMeJgBhAHAAcAB0AGUAcwB0AG4AcwBmAG8AYwB1
AHMALgBjAG4AcABjMR0wGwYDVQQFHhQAUwAwADAAMAAwADAAMAA3ADYAMjCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxbjOLm9a5suCg8AQiDMULVjbsMxHzome
d+u8nSmmUvCNTabOrCtR0fuIT9irdlbvE4ZZYmPHCGqn3KciYiZ23KYDUlt0XN2C
3R4lz2NVzHn2FxH9DDC0KhvMzpuWyY4JqQsPGDxuBZ4e3rbN+REhZyvV5rK0k2Qx
BlihtRj1dY8CAwEAAaOCAUUwggFBMA4GA1UdDwEB/wQEAwIE8DAfBgNVHSMEGDAW
gBT3pw41tPN8HQq3yfskSfHvUebeHjAdBgNVHQ4EFgQU4zyDgE4mIrbvRVGum0sP
4B0JkgcwdwYDVR0fBHAwbjBsoGqgaIZmbGRhcDovLzEwLjIxLjE0LjQ3OjM4OS9v
dT1jcmwwMDAsb3U9Y3JsLGRjPWNucGMsZGM9Y29tLGRjPWNuP2NlcnRpZmljYXRl
UmV2b2NhdGlvbkxpc3QsKj9zdWI/Y249Y3JsMDAwMBoGCisGAQQBqUNkBQYEDBYK
UzAwMDAwMDc2MjAaBgorBgEEAalDZAUJBAwWClMwMDAwMDA3NjIwKgYKKwYBBAGp
Q2QCBAQcFhrW0Ln6yq/TzdTL06pDQdakyum53MDt1tDQxDASBgorBgEEAalDZAIB
BAQWAjE5MA0GCSqGSIb3DQEBBQUAA4GBAGDN7bBqPxi/U4JY4R5W1uNZ4Yx2bp4X
eeAFHdES2kp5LaSQuvU9ycctHLAOpcQgDsTIH4REdBkKHflvuEIR6DzfXT7r9h63
+/Z03Qn7OTMdSIt9rOimjM7WTYuZI7Cx2xvo91/Bn4qCWoNG33C7U+s38RQZQ2yA
2SBlzs0u9eyj
-----END CERTIFICATE-----
 1 s:/C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=apache
   i:/C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
-----BEGIN CERTIFICATE-----
MIIC5TCCAk6gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJDTjEL
MAkGA1UECBMCc2MxCzAJBgNVBAcTAmNkMRAwDgYDVQQKEwduc2ZvY3VzMRAwDgYD
VQQLEwduc2ZvY3VzMRAwDgYDVQQDEwduc2ZvY3VzMB4XDTE0MDQwMjEyNDgzMFoX
DTE1MDQwMjEyNDgzMFowTzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAnNjMRAwDgYD
VQQKEwduc2ZvY3VzMRAwDgYDVQQLEwduc2ZvY3VzMQ8wDQYDVQQDEwZhcGFjaGUw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOi0DSRyI4h/pmy3LunN8sIG3Dgn
ECfclhANX98yWxFbKdjPKevOxpE2eOVoMt8N2+YDrtH10fYTk3phRRqdS6gz3gX2
I+WerW24k4fRXXwdYOWS4KWctxELwvo0eUlrxytWP4PelshdA57KwzUPPu20TcBV
eQlNol+APO7V82KnAgMBAAGjgcIwgb8wHQYDVR0OBBYEFLVTdlh8A+uSuBNUuDzV
ITWj08ntMIGPBgNVHSMEgYcwgYSAFF2xtiNEVHbEL5tvk34mvR6O1OyroWGkXzBd
MQswCQYDVQQGEwJDTjELMAkGA1UECBMCc2MxCzAJBgNVBAcTAmNkMRAwDgYDVQQK
Ewduc2ZvY3VzMRAwDgYDVQQLEwduc2ZvY3VzMRAwDgYDVQQDEwduc2ZvY3VzggkA
0LyphOPaBrowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCaYcfYd11g
32mxHspisK2tpSBfYvy9kuZlYuDSDx4Qqo2W6OrrGKVrNDKD/fjAeCWJVB1Oek1O
jSNbf1IlnfdCsaUmXbHKfYVk10vNTlm/5tPCwfvHj0nuAtS9nSlLL6Cy6uPSlpPf
ppyuKVndw0rYPAWoP7aYDbqsbaVPmKBgmg==
-----END CERTIFICATE-----
 2 s:/C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
   i:/C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
-----BEGIN CERTIFICATE-----
MIIC+zCCAmSgAwIBAgIJANC8qYTj2ga6MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
BAYTAkNOMQswCQYDVQQIEwJzYzELMAkGA1UEBxMCY2QxEDAOBgNVBAoTB25zZm9j
dXMxEDAOBgNVBAsTB25zZm9jdXMxEDAOBgNVBAMTB25zZm9jdXMwHhcNMTQwNDAy
MTAzNjMxWhcNMTQwNTAyMTAzNjMxWjBdMQswCQYDVQQGEwJDTjELMAkGA1UECBMC
c2MxCzAJBgNVBAcTAmNkMRAwDgYDVQQKEwduc2ZvY3VzMRAwDgYDVQQLEwduc2Zv
Y3VzMRAwDgYDVQQDEwduc2ZvY3VzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDtronQHDcneaBIoHjmeezqpiFdKUR+ZHIGOJ6+jsnJ3fw0cJ1wZqXcwwxNTUOm
fjPVhMgIUf3kPfPeSA1AxOdTPYKWZ9PTbiJZBSDJkcJdEFk8HNeR4qvX6uyQZlI2
nCzIGAIbNBacoIqcv77V56pke3REQaWybr+uAkb3YE5jaQIDAQABo4HCMIG/MB0G
A1UdDgQWBBRdsbYjRFR2xC+bb5N+Jr0ejtTsqzCBjwYDVR0jBIGHMIGEgBRdsbYj
RFR2xC+bb5N+Jr0ejtTsq6FhpF8wXTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAnNj
MQswCQYDVQQHEwJjZDEQMA4GA1UEChMHbnNmb2N1czEQMA4GA1UECxMHbnNmb2N1
czEQMA4GA1UEAxMHbnNmb2N1c4IJANC8qYTj2ga6MAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADgYEAJ8+DmjHyX1bklaKc0rVpv85raSslEKYuyYrlCmaLU0gT
37pd12qPJqnmIEaMwGqLF7uyttp9hQnt6mgnyYNSHLwEksrvEbKqgsMzCogpvX+o
e/21T38dmLqr/voegt6kee1ba2sSO6d5Uee4lqvFGR3HiQKN+Hz8KwHWV2oR/Ek=
-----END CERTIFICATE-----
---
Server certificate
subject=/ST=\x00B\x00e\x00i\x00j\x00i\x00n\x00g/CN=\x00a\x00p\x00p\x00t\x00e\x00
s\x00t\x00n\x00s\x00f\x00o\x00c\x00u\x00s\x00.\x00c\x00n\x00p\x00c/serialNumber=
\x00S\x000\x000\x000\x000\x000\x000\x007\x006\x002
issuer=/CN=N-V\xFDw\xF3l\xB9\x8B\xA4\x8B\xC1N-_\xC3\x00(\x00T\x00E\x00S\x00T\x00
)/serialNumber=\x00S\x001\x000\x001
---
Acceptable client certificate CA names
/C=CN/ST=Beijing/L=Beijing/O=NSFOCUS Ltd./OU=CA/CN=NSFOCUS/emailAddress=support@
nsfocus.com
---
SSL handshake has read 3111 bytes and written 334 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: A225FE98F029F290F5E9412F257689812CB2979ED4908551DEE451CEDA8212D0

    Session-ID-ctx:
    Master-Key: 796DC7B16199E8E316F5C4AB9E15EE3C47F911A0FF345A95FAC0ABA80BDA8761
77BE4A1310921C04CA5E85B963EF2BDE
    Key-Arg   : None
    Start Time: 1396445187
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify

D:\wamp\bin\apache\apache2.2.8\bin>openssl s_client -connect 10.245.34.73:443 -s
howcerts -state -CAfile chain2.pem
Loading 'screen' into random state - done
CONNECTED(000000D8)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 /C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
verify return:1
depth=1 /C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=apache
verify return:1
depth=0 /C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=client
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=client
   i:/C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=apache
-----BEGIN CERTIFICATE-----
MIICSzCCAbSgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJDTjEL
MAkGA1UECBMCc2MxEDAOBgNVBAoTB25zZm9jdXMxEDAOBgNVBAsTB25zZm9jdXMx
DzANBgNVBAMTBmFwYWNoZTAeFw0xNDA0MDIxMjUzMzlaFw0xNTA0MDIxMjUzMzla
ME8xCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJzYzEQMA4GA1UEChMHbnNmb2N1czEQ
MA4GA1UECxMHbnNmb2N1czEPMA0GA1UEAxMGY2xpZW50MFwwDQYJKoZIhvcNAQEB
BQADSwAwSAJBANXEwV+TOF7tVCmOpk1nH9kHzd4VjlGiCB5CG/c4hdwWKn2SXTPb
hXwT4Zdz5On1ZTJImCLHo0NxZh8dhqpSKrsCAwEAAaN7MHkwCQYDVR0TBAIwADAs
BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
VR0OBBYEFBlprifwOrX5PVWzps0JZ97i71XkMB8GA1UdIwQYMBaAFLVTdlh8A+uS
uBNUuDzVITWj08ntMA0GCSqGSIb3DQEBBQUAA4GBANWrn94CCRWL98pYVRmJyiUe
L2NvrCwdwA+b3Ay6jkisX7GH1DWLxNtbVTZupZSBg/INmxW7Sqa/BzGsJpjl+oW1
x+K82kF25eZqpixq9+byy9j4lXAbyrNt44U782wkJ0s6V6m3m4p8GnmJIIQGcGgE
JRVZXGoRdvpWwiIGGqr5
-----END CERTIFICATE-----
 1 s:/C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=apache
   i:/C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
-----BEGIN CERTIFICATE-----
MIIC5TCCAk6gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJDTjEL
MAkGA1UECBMCc2MxCzAJBgNVBAcTAmNkMRAwDgYDVQQKEwduc2ZvY3VzMRAwDgYD
VQQLEwduc2ZvY3VzMRAwDgYDVQQDEwduc2ZvY3VzMB4XDTE0MDQwMjEyNDgzMFoX
DTE1MDQwMjEyNDgzMFowTzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAnNjMRAwDgYD
VQQKEwduc2ZvY3VzMRAwDgYDVQQLEwduc2ZvY3VzMQ8wDQYDVQQDEwZhcGFjaGUw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOi0DSRyI4h/pmy3LunN8sIG3Dgn
ECfclhANX98yWxFbKdjPKevOxpE2eOVoMt8N2+YDrtH10fYTk3phRRqdS6gz3gX2
I+WerW24k4fRXXwdYOWS4KWctxELwvo0eUlrxytWP4PelshdA57KwzUPPu20TcBV
eQlNol+APO7V82KnAgMBAAGjgcIwgb8wHQYDVR0OBBYEFLVTdlh8A+uSuBNUuDzV
ITWj08ntMIGPBgNVHSMEgYcwgYSAFF2xtiNEVHbEL5tvk34mvR6O1OyroWGkXzBd
MQswCQYDVQQGEwJDTjELMAkGA1UECBMCc2MxCzAJBgNVBAcTAmNkMRAwDgYDVQQK
Ewduc2ZvY3VzMRAwDgYDVQQLEwduc2ZvY3VzMRAwDgYDVQQDEwduc2ZvY3VzggkA
0LyphOPaBrowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCaYcfYd11g
32mxHspisK2tpSBfYvy9kuZlYuDSDx4Qqo2W6OrrGKVrNDKD/fjAeCWJVB1Oek1O
jSNbf1IlnfdCsaUmXbHKfYVk10vNTlm/5tPCwfvHj0nuAtS9nSlLL6Cy6uPSlpPf
ppyuKVndw0rYPAWoP7aYDbqsbaVPmKBgmg==
-----END CERTIFICATE-----
 2 s:/C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
   i:/C=CN/ST=sc/L=cd/O=nsfocus/OU=nsfocus/CN=nsfocus
-----BEGIN CERTIFICATE-----
MIIC+zCCAmSgAwIBAgIJANC8qYTj2ga6MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
BAYTAkNOMQswCQYDVQQIEwJzYzELMAkGA1UEBxMCY2QxEDAOBgNVBAoTB25zZm9j
dXMxEDAOBgNVBAsTB25zZm9jdXMxEDAOBgNVBAMTB25zZm9jdXMwHhcNMTQwNDAy
MTAzNjMxWhcNMTQwNTAyMTAzNjMxWjBdMQswCQYDVQQGEwJDTjELMAkGA1UECBMC
c2MxCzAJBgNVBAcTAmNkMRAwDgYDVQQKEwduc2ZvY3VzMRAwDgYDVQQLEwduc2Zv
Y3VzMRAwDgYDVQQDEwduc2ZvY3VzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDtronQHDcneaBIoHjmeezqpiFdKUR+ZHIGOJ6+jsnJ3fw0cJ1wZqXcwwxNTUOm
fjPVhMgIUf3kPfPeSA1AxOdTPYKWZ9PTbiJZBSDJkcJdEFk8HNeR4qvX6uyQZlI2
nCzIGAIbNBacoIqcv77V56pke3REQaWybr+uAkb3YE5jaQIDAQABo4HCMIG/MB0G
A1UdDgQWBBRdsbYjRFR2xC+bb5N+Jr0ejtTsqzCBjwYDVR0jBIGHMIGEgBRdsbYj
RFR2xC+bb5N+Jr0ejtTsq6FhpF8wXTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAnNj
MQswCQYDVQQHEwJjZDEQMA4GA1UEChMHbnNmb2N1czEQMA4GA1UECxMHbnNmb2N1
czEQMA4GA1UEAxMHbnNmb2N1c4IJANC8qYTj2ga6MAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADgYEAJ8+DmjHyX1bklaKc0rVpv85raSslEKYuyYrlCmaLU0gT
37pd12qPJqnmIEaMwGqLF7uyttp9hQnt6mgnyYNSHLwEksrvEbKqgsMzCogpvX+o
e/21T38dmLqr/voegt6kee1ba2sSO6d5Uee4lqvFGR3HiQKN+Hz8KwHWV2oR/Ek=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=client
issuer=/C=CN/ST=sc/O=nsfocus/OU=nsfocus/CN=apache
---
Acceptable client certificate CA names
/C=CN/ST=Beijing/L=Beijing/O=NSFOCUS Ltd./OU=CA/CN=NSFOCUS/emailAddress=support@
nsfocus.com
---
SSL handshake has read 2765 bytes and written 334 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ACDA0FF7E269B595484FC83AE31F5E8D65A2D9AE1C36A9CB863EF4602A0975F7

    Session-ID-ctx:
    Master-Key: 7A0AF50C2EB9EADC1A492C9865A699775D8AEB9727FAF911BC1F911632D234A8
6A301F34B668E0EC9EAFC31BC1E1D756
    Key-Arg   : None
    Start Time: 1396445531
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify

D:\wamp\bin\apache\apache2.2.8\bin>openssl pkcs12 -export clcerts -in client.crt
 -inkey client.key -out client.pfx
Usage: pkcs12 [options]
where options are
-export       output PKCS12 file
-chain        add certificate chain
-inkey file   private key if not infile
-certfile f   add all certs in f
-CApath arg   - PEM format directory of CA's
-CAfile arg   - PEM format file of CA's
-name "name"  use name as friendly name
-caname "nm"  use nm as CA friendly name (can be used more than once).
-in  infile   input filename
-out outfile  output filename
-noout        don't output anything, just verify.
-nomacver     don't verify MAC.
-nocerts      don't output certificates.
-clcerts      only output client certificates.
-cacerts      only output CA certificates.
-nokeys       don't output private keys.
-info         give info about PKCS#12 structure.
-des          encrypt private keys with DES
-des3         encrypt private keys with triple DES (default)
-aes128, -aes192, -aes256
              encrypt PEM output with cbc aes
-nodes        don't encrypt private keys
-noiter       don't use encryption iteration
-maciter      use MAC iteration
-twopass      separate MAC, encryption passwords
-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)
-certpbe alg  specify certificate PBE algorithm (default RC2-40)
-keypbe alg   specify private key PBE algorithm (default 3DES)
-keyex        set MS key exchange type
-keysig       set MS key signature type
-password p   set import/export password source
-passin p     input file pass phrase source
-passout p    output file pass phrase source
-engine e     use engine e, possibly a hardware device.
-rand file;file;...
              load the file (or the files in the directory) into
              the random number generator

D:\wamp\bin\apache\apache2.2.8\bin>openssl pkcs12 -export -clcerts -in client.cr
t -inkey client.key -out client.pfx
Loading 'screen' into random state - done
Enter pass phrase for client.key:
Enter Export Password:
Verifying - Enter Export Password:

D:\wamp\bin\apache\apache2.2.8\bin>openssl x509 -in root.cer -out root.pem
unable to load certificate
131732:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_l
ib.c:647:Expecting: TRUSTED CERTIFICATE

D:\wamp\bin\apache\apache2.2.8\bin>openssl pkcs12 -export -clcerts -in client.cr
t -inkey client.key -out client.pfx

转载于:https://my.oschina.net/u/853533/blog/215613

weixin_33949359
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
本地ssl证书生成工具
03-19
本地ssl证书生成工具
检查服务器证书,ssl-用于检查服务器是否提供证书的OpenSSL命令
weixin_27966471的博客
07-31 2033
我试图运行openssl命令来缩小尝试从我们的系统发送出站消息时SSL问题的范围。我在另一个主题中找到了此命令:使用openssl从服务器获取证书openssl s_client -connect ip:port -prexit此输出结果为CONNECTED(00000003)15841:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake f...
nginx配置https启动报错:Expecting: TRUSTED CERTIFICATE)
renzhehongyi的专栏
05-18 3952
问题:nginx配置https启动报错:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "D:/certs/***.com.key": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: configuratio
读取cer证书报错
热门推荐
csj50的专栏
11-25 1万+
openssl x509 -in test.cer -noout -text 1、 报错: unable to load certificate 139858531157832:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE 原因: 头尾没有加标识 -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
关于SSL证书配置的问题总结
庹小智的博客
08-28 2418
1.SSL证书配置,首先去申请网站证书(阿里云可以申请免费版一年) 2.在服务器环境上检查确保安装了 ssl_mod模块,确保开启了扩展 3.以我的服务器为例,配置conf.d下的ssl.conf,配置如下 # # When we also provide SSL we have to listen to the # the HTTPS port in addition. # Liste...
OpenSSL学习(二十):基础-指令s_client
weixin_33981932的博客
08-12 811
为什么80%的码农都做不了架构师?>>> ...
kingbase SSL证书
04-15
kingbase SSL证书
ssl证书批量生成工具
03-19
ssl证书批量生成
SSL证书生成脚本文件
08-01
下载该证书,执行脚本,会生成证书文件。亲测有效
阿里云跨账号申请ssl证书签发
06-30
阿里云跨账号申请ssl证书签发-详细笔记总结
TLSv1.2 Alert (Level: Warning, Description: Close Notify)
weixin_30493321的博客
02-28 2068
先看一个HTTP数据包首部信息,下面的首部是HTTPS数据解密出来的。 GET / HTTP/1.1Host: xxx.comAccept: */*User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; MI 5 Build/MRA58K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 ...
OpenSSL学习(二十):基础-指令s_client(方便查看与server交互的详细信息,我主要用于ssl证书双向认证)(好文章!)
HD243608836的博客
07-07 7255
用法: openssls_client[-connecthost:port>;][-verifydepth][-certfilename] [-keyfilename][-CApathdirectory][-CAfilefilename][-reconnect] [-pause][-showcerts][-debug][-nbio_test][-state][-nbio][-crlf] ...
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
风一流世的专栏
11-16 1514
前天使用salt命令部署服务时,一直显示如下错误: 172.16.97.179: - Rendering SLS 'qb:qb_bond_adapter_channel' failed: Jinja variable 'str' object has no attribute 'install_path' 查看master的日志文件:发现显示如下错误: #Command '/usr/bin/foreman-node 172.16.97.179' failed with return cod
SSL/TLS协议安全系列:SSL/TLS概述
forevertingting的博客
07-29 1970
GoSSIP_SJTU · 2015/05/08 10:39 一 前言 SSL/TLS协议是网络安全通信的重要基石,本系列将简单介绍SSL/TLS协议,主要关注SSL/TLS协议的安全性,特别是SSL规范的正确实现。 本系列的文章大体分为3个部分: SSL/TLS协议的基本流程 典型的针对SSL/TLS协议的攻击 SSL/TLS协议
trust CA 证书不完整导致return code: 21 (unable to verify the first certificate)
weixin_40455124的博客
07-05 1991
Self-signed CA在https请求时候会返回证书不可信,而trust CA如果不是完整(三段模式)的证书,那么在使用代码进行https访问时候的时候,会返回: return code: 21 (unable to verify the first certificate) 而web访问是没有问题。 如何检测是否完整,可以使用openssl s_client -showcerts -connect xxx.xxx.com:443 进行检测,以下为一个完整CA的示意 openssl s_client
应用 openssl 工具进行 SSL 故障分析
huanghuibo的专栏
11-28 2120
当前 SSL 协议有着广泛的运用,在 SSL 服务器的身份认证出现问题时,怎样才能有效快速的找出问题的根源呢?本文结合openssl 提供的命令行工具 s_client,罗列了多种认证失败的情况,并给出了问题诊断的方法。<br />SSL 握手协议<br />首先简单的介绍一下 SSL 协议建立连接的过程。如图 1 所示,主要有如下几个过程:<br /><br />图 1. SSL 身份认证及协商密钥的过程<br />客户端发起请求,包含一个hello消息,并附上客户端支持的密码算法和 SSL 协议的版本消
scrapy ssl证书
最新发布
07-28
Scrapy 是一个强大的 Python 爬虫框架,用于抓取和提取网站数据。当你使用 Scrapy 进行爬取时,可能会遇到 SSL 证书的问题。SSL 证书用于加密与网站之间的通信,以确保数据的安全性。在访问一些网站时,Scrapy 可能会因为无法验证服务器的 SSL 证书而抛出 SSL 错误。 要解决这个问题,你可以采取以下几种方法之一: 1. 忽略 SSL 错误:在 Scrapy 的设置中添加 `DOWNLOAD_HANDLERS` 配置,通过设置 `{'https': 'your_project_name.ignore_ssl.ErrorIgnoringContextFactory'}` 来忽略 SSL 错误。请注意,这种方法会导致数据传输不再安全,请谨慎使用。 2. 指定自定义的 SSL 证书:如果你拥有服务器的 SSL 证书,可以将其添加到 Scrapy 的设置中,以确保 Scrapy 可以验证服务器的证书。在 Scrapy 的设置中添加 `DOWNLOADER_CLIENTCONTEXTFACTORY` 配置,通过设置 `your_project_name.ssl.CustomContextFactory` 来指定自定义的 SSL 证书。 3. 使用代理:通过使用代理服务器来绕过 SSL 证书验证问题。你可以在 Scrapy 的设置中配置代理服务器信息,以便 Scrapy 发送请求时经过代理服务器。 请注意,在解决 SSL 证书问题时,务必确保你的操作符合相关法规和网站的使用条款,以及遵循伦理规范。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值