当服务器有多个证书时,哪个证书具有公钥?

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了当服务器有多个证书时,哪个证书具有公钥?相关的知识,希望对你有一定的参考价值。

我想拥有服务器的公钥。管理服务器的团队告诉我,我可以使用openssl提取证书,例如用命令

openssl s_client -connect hostAddress.org:443 -showcerts

并且此证书将具有公钥。

使用上面的命令,我得到3个证书。该命令的完整输出是:

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=CZ/L=Praha/O=CESNET/CN=hostAddress
   i:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3
-----BEGIN CERTIFICATE-----
      SOME TEXT 
-----END CERTIFICATE-----
 1 s:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
-----BEGIN CERTIFICATE-----
      SOME TEXT
-----END CERTIFICATE-----
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
-----BEGIN CERTIFICATE-----
       SOME TEXT
-----END CERTIFICATE-------
Server certificate
subject=/C=CZ/L=Praha/O=CESNET/CN=hostAddress
issuer=/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5097 bytes and written 489 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 5B9A6ACCEFE2608E33AEE1FAF8F3136A7C41D081416F885613A0C48A4D9556CD
    Session-ID-ctx:
    Master-Key: 83D7239981A232F1AB175F2F4980B1D6B7B1D4109878022A8FE8B3D2CD95F14D33AB2112E5F27CD1D508CE3D5EE34854
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1536846540
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)

从这3个证书中,我如何知道哪一个拥有主机的公钥?

答案

标记为0的证书是服务器证书。标记为1的证书是颁发服务器证书的证书颁发机构(CA)的证书(等等),直到最后一个(有点标准的“2”),这是根证书,其中“哦,我相信这“已成立。

所以,你正在寻找第一个。

以上是关于当服务器有多个证书时,哪个证书具有公钥?的主要内容,如果未能解决你的问题,请参考以下文章

使用公钥证书激活产品

公钥与证书服务---学习笔记(预习)

如何获取颁发者证书的指纹或公钥?

关于公钥私钥是否可以互相加解密的理解(附苹果开发者证书配置时非对称加密算法的应用)

国密证书双向认证客户端发送哪个

在 Servlet 中读取客户端证书