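This article discusses the use of the Kaspersky Anti-Virus Personal Root Certificate in Firefox as the CA that issued the certificate for https://www.google.com.
My question is whether it is possible (for sites other than google.com as well) to view the website's own SSL certificate?
I don't want to disable this feature, but as far as I can tell, you can only view the Kaspersky root certificate.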
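Answer 1
Can you view a website's certificate when the Kaspersky Anti-Virus Personal Root Certificate is in use?
... is it possible to view the website's own SSL certificate?
You should be able to, but you have to do it outside the browser. For example, here is Google using OpenSSL's s_client: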
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout
...
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3497310530607939837 (0x3088f165e61e80fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 11 11:17:05 2016 GMT
Not After : May 11 00:00:00 2016 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d4:90:20:6e:c9:e9:f7:1b:ce:57:59:b3:ee:45:
13:e1:e0:d1:7d:68:b2:05:69:c0:e1:0d:77:2c:89:
10:ea:b4:0a:d9:d5:5b:8d:a9:ac:9a:98:2b:b6:33:
1d:ba:53:8b:e0:1a:df:d9:01:fe:83:24:3f:6d:af:
0a:4b:c5:e0:de:75:7e:76:81:19:e0:c4:a8:ae:1f:
09:21:40:31:43:a7:52:d7:53:9c:f2:69:cc:2f:78:
ef:39:d8:ad:d4:b2:4b:7d:8c:c5:70:8b:90:c7:48:
f9:57:c2:69:85:b9:ba:4b:cb:17:f4:b1:1a:a9:e6:
50:60:ca:78:5a:7a:16:91:44:a9:56:4e:59:0f:93:
0d:23:a1:53:3c:5b:47:38:9d:76:ff:f7:b2:c2:ce:
fd:09:d7:49:48:5e:39:fb:71:e8:b8:90:59:44:ed:
85:14:15:a1:4b:67:a7:66:40:3b:04:58:0a:6c:06:
aa:df:71:f2:02:74:82:14:ad:4c:98:5a:09:53:82:
1e:40:2b:36:78:7e:31:8e:36:20:c5:c8:59:9a:dd:
8b:8e:24:2b:9e:8d:4f:94:d6:6b:0d:a2:7e:5e:a4:
7d:14:ac:c0:8a:17:5c:7a:c8:00:46:9c:24:75:50:
a5:be:ec:51:d1:60:99:2f:6d:94:17:77:ce:63:09:
01:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:www.google.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
4F:C7:02:93:EC:46:43:9C:34:43:03:3E:CB:18:CB:4E:7A:B4:0E:DE
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
Policy: 2.23.140.1.2.2
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha256WithRSAEncryption
19:5a:93:63:e9:3b:8a:f2:80:01:70:a9:02:8a:51:84:23:3b:
94:77:9b:4a:e1:38:d4:a1:8c:51:1d:67:79:a1:03:b5:1f:0d:
c7:77:d8:52:64:92:55:77:c0:d9:0e:1c:6a:ff:f2:a9:56:04:
66:90:66:ca:e1:21:4a:45:cd:06:09:64:23:58:75:3f:84:23:
7b:d1:c9:bb:d8:b2:d0:4f:f2:4a:09:9d:6e:cf:14:2a:8b:8e:
52:f7:a6:8b:16:14:bc:13:71:e7:b0:50:e8:a0:04:c0:c7:c6:
89:13:67:19:a0:41:da:99:83:48:bb:ed:e3:f5:b4:29:bf:bc:
2b:95:2c:3b:54:ca:cf:5a:df:00:51:47:2d:cd:5a:7d:fb:e0:
15:bf:34:9e:a0:8b:ff:ba:80:57:e0:d3:c5:71:12:df:48:49:
98:13:d1:95:ef:68:b4:f4:50:77:0e:51:3e:98:e5:8f:31:57:
a4:6a:8f:73:0b:9d:b4:ec:db:4d:04:c2:6a:ad:ec:5c:ac:02:
3a:0a:c1:96:f3:2a:53:02:f3:7a:19:94:17:80:ff:0f:4e:5d:
19:f4:b9:18:ba:89:dd:62:5d:01:39:da:4a:28:f8:32:39:84:
69:ef:5d:3b:5c:d0:9d:38:10:30:93:7b:2c:ee:0b:a2:9f:e5:
17:0c:cf:81
You can clear the verify error:num=20:unable to get local issuer certificate issue by using the -CAfile option:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com -CAfile GeoTrust-Root.pem
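The check described in the answer above, as an added example that is not part of the original answer: it reads `openssl x509 -text` output and reports whether the certificate openssl received was issued by the local interception root or by another CA. The function names, the `PATTERN` value and the two sample inputs are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumption: the interception CA
# is recognised by the name the question gives ("Kaspersky Anti-Virus Personal
# Root Certificate"); change PATTERN for other products.
PATTERN='Kaspersky'

# fetch_cert_text HOST [PORT]: print the leaf certificate as openssl receives it.
# The answer's -tls1 is left out so the TLS version is negotiated, and stdin is
# /dev/null so s_client exits once the handshake is done.
fetch_cert_text() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -text -noout
}

# cert_field NAME: value of the first "NAME: value" line of x509 text on stdin.
cert_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed -n 1p
}

# issuer_cn: issuer common name; accepts "CN=x" (older OpenSSL) and "CN = x" (newer).
issuer_cn() {
    cert_field Issuer | sed -n 's/.*CN[[:space:]]*=[[:space:]]*//p'
}

# classify: "intercepted" when the issuer matches PATTERN, "direct" otherwise,
# "unknown" when no Issuer line is present (for example, the handshake failed).
classify() {
    issuer=$(cert_field Issuer)
    case $issuer in
        '') echo unknown ;;
        *"$PATTERN"*) echo intercepted ;;
        *) echo direct ;;
    esac
}

# Constructed sample inputs: the first reuses the Issuer/Subject lines shown in
# the answer, the second is a made-up certificate issued by the interception root.
SAMPLE_DIRECT='        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com'
SAMPLE_PROXY='        Issuer: CN = Kaspersky Anti-Virus Personal Root Certificate
        Subject: CN = www.google.com'

# Live use (needs network access): fetch_cert_text www.google.com | classify
```

A result of `intercepted` means the connection made by openssl was itself re-signed locally, so the output is not the site's own certificate.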