Can someone explain why, when I check the www.google.ca certificate with the openssl CLI, the result differs from what I see in my browser:
$ echo | openssl s_client -connect www.google.ca:443 |& openssl x509 -fingerprint -sha256 -noout
SHA256 Fingerprint=51:45:70:26:0D:90:83:07:99:BC:59:05:A9:87:0F:00:25:07:11:2F:49:BD:61:1A:88:E1:F7:7D:3D:1A:53:16
In my browser, the certificate is:
E0 0B 85 15 B2 53 84 09 C3 EE 2E CD 75 29 94 89 5D 0A 8F 75 0F 0F 94 0C D7 35 95 6A 50 AF 4D 5B
My check works with www.facebook.com.
$ echo | openssl s_client -connect www.facebook.com:443 |& openssl x509 -fingerprint -sha256 -noout
SHA256 Fingerprint=A6:26:B1:54:CC:65:63:41:81:25:0B:81:0B:1B:D4:C8:9E:C2:77:CE:A0:8D:78:5E:EB:E7:E7:68:BD:A7:BB:00
I can see this SHA-256 fingerprint in Chrome:
A6 26 B1 54 CC 65 63 41 81 25 0B 81 0B 1B D4 C8 9E C2 77 CE A0 8D 78 5E EB E7 E7 68 BD A7 BB 00
The check works for www.google.com, but not for the other top-level domains. I guess Google is doing something for .ca/.fr/.pl (always the same fingerprint?)... but I don't understand the details.
Thanks for your help.
Edit 1
Here is the detailed certificate for www.google.pl:
$ echo | openssl s_client -connect www.google.pl:443 |& openssl x509 -fingerprint -sha256 -noout
SHA256 Fingerprint=51:45:70:26:0D:90:83:07:99:BC:59:05:A9:87:0F:00:25:07:11:2F:49:BD:61:1A:88:E1:F7:7D:3D:1A:53:16
$ echo | openssl s_client -connect www.google.pl:443 |& openssl x509 -text |more
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 717608466795509036 (0x9f575193728b52c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Validity
            Not Before: Mar 2 11:17:08 2016 GMT
            Not After : May 31 00:00:00 2016 GMT
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            Authority Information Access:
                CA Issuers - URI:http://pki.google.com/GIAG2.crt
                OCSP - URI:http://clients1.google.com/ocsp
            X509v3 Subject Key Identifier:
                62:2D:E9:85:63:74:56:2B:7B:BC:74:B0:55:B0:BE:1A:A4:67:87:01
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.11129.2.5.1
                Policy: 2.23.140.1.2.2
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://pki.google.com/GIAG2.crl
    Signature Algorithm: sha256WithRSAEncryption
This is what I see in Chrome
Should I see the same SHA-256 fingerprint in Chrome and in the OpenSSL CLI? Thanks.
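Answer 1
Google's servers select different certificates depending on the cipher suites the client offers in its client_hello. The certificate the OpenSSL client gets contains an RSA public key. The certificate Chrome gets contains an elliptic-curve public key. The certificates are therefore different, and so they have different fingerprints.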
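Answer 2
Google's websites use multiple sites to dispatch requests.
Two different connections (I mean using two different Internet connections) will most likely be routed to different Google front ends.
The different sites do not use the same certificate. As you can see in your output and screenshot, the certificates' serial numbers do not match, which means you were served two different certificates for the same address.
So it is perfectly normal for different certificates to have different fingerprints.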
Answer 3
Because Google uses multiple domain names, I needed to use -servername in the OpenSSL connection options.
$ echo | openssl s_client -servername www.google.pl -connect www.google.pl:443 |& openssl x509 -fingerprint -sha256 -noout
SHA256 Fingerprint=E0:0B:85:15:B2:53:84:09:C3:EE:2E:CD:75:29:94:89:5D:0A:8F:75:0F:0F:94:0C:D7:35:95:6A:50:AF:4D:5B
This way, the fingerprint from the OpenSSL connection is the same as the one shown in the Chrome browser:
E0 0B 85 15 B2 53 84 09 C3 EE 2E CD 75 29 94 89 5D 0A 8F 75 0F 0F 94 0C D7 35 95 6A 50 AF 4D 5B
As @M'vy said earlier, depending on your ISP, you may get a different certificate.
Thanks, guys.
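Answer 3's fix works because a TLS server can choose its certificate from the server name (SNI) in the ClientHello. The Go program below is an added example, not code from this thread: it reproduces that selection in-process and fingerprints the leaf certificate with and without SNI. The host names `default.example` and `www.sni.example` and both self-signed certificates are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway certificate for a constructed host name.
func selfSigned(cn string) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

var defaultCert, sniCert = selfSigned("default.example"), selfSigned("www.sni.example")

// LeafFingerprint handshakes over an in-memory pipe and returns the SHA-256 of the leaf's DER bytes.
func LeafFingerprint(sni string) string {
	cli, srv := net.Pipe()
	defer cli.Close()
	go tls.Server(srv, &tls.Config{MaxVersion: tls.VersionTLS12,
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if h.ServerName == "www.sni.example" {
				return sniCert, nil // name-specific certificate
			}
			return defaultCert, nil // no SNI in the ClientHello: default certificate
		}}).Handshake()
	c := tls.Client(cli, &tls.Config{ServerName: sni, InsecureSkipVerify: true}) // throwaway certs only
	if err := c.Handshake(); err != nil {
		return ""
	}
	return fmt.Sprintf("%X", sha256.Sum256(c.ConnectionState().PeerCertificates[0].Raw))
}

func main() {
	fmt.Printf("no SNI:   %s\nwith SNI: %s\n", LeafFingerprint(""), LeafFingerprint("www.sni.example"))
}
```

OpenSSL 1.1.1 and later make `s_client` send SNI taken from the `-connect` host name by default, so reproducing the question's first result on a current build requires `-noservername`.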