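I have looked at the man page for the security tool, in particular its find-certificate argument.
I am using the spaceship gem to get a list of the certificates in the Apple developer portal, and I would like to compare them with the certificates installed on the machine. The best way to compare them seems to be the creation and expiry dates.
However, I can't figure out how to get security to output a certificate that I can then pass to openssl to determine the creation/expiry dates.
Any guidance?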
Answer 1
-p will dump the certificate in PEM format, which can be piped to the openssl x509 utility for display. For example:
security find-certificate -p -c "Apple Worldwide Developer Relations Certification Authority" | openssl x509 -text -noout
Here is the full output:
$ security find-certificate -p -c "Apple Worldwide Developer Relations Certification Authority" | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25 (0x19)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, O = Apple Inc., OU = Apple Certification Authority, CN = Apple Root CA
Validity
Not Before: Feb 14 18:56:35 2008 GMT
Not After : Feb 14 18:56:35 2016 GMT
Subject: C = US, O = Apple Inc., OU = Apple Worldwide Developer Relations, CN = Apple Worldwide Developer Relations Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ca:38:54:a6:cb:56:aa:c8:24:39:48:e9:8c:ee:
ec:5f:b8:7f:26:91:bc:34:53:7a:ce:7c:63:80:61:
77:64:5e:a5:07:23:b6:39:fe:50:2d:15:56:58:70:
2d:7e:c4:6e:c1:4a:85:3e:2f:f0:de:84:1a:a1:57:
c9:af:7b:18:ff:6a:fa:15:12:49:15:08:19:ac:aa:
db:2a:32:ed:96:63:68:52:15:3d:8c:8a:ec:bf:6b:
18:95:e0:03:ac:01:7d:97:05:67:ce:0e:85:95:37:
6a:ed:09:b6:ae:67:cd:51:64:9f:c6:5c:d1:bc:57:
6e:67:35:80:76:36:a4:87:81:6e:38:8f:d8:2b:15:
4e:7b:25:d8:5a:bf:4e:83:c1:8d:d2:93:d5:1a:71:
b5:60:9c:9d:33:4e:55:f9:12:58:0c:86:b8:16:0d:
c1:e5:77:45:8d:50:48:ba:2b:2d:e4:94:85:e1:e8:
c4:9d:c6:68:a5:b0:a3:fc:67:7e:70:ba:02:59:4b:
77:42:91:39:b9:f5:cd:e1:4c:ef:c0:3b:48:8c:a6:
e5:21:5d:fd:6a:6a:bb:a7:16:35:60:d2:e6:ad:f3:
46:29:c9:e8:c3:8b:e9:79:c0:6a:61:67:15:b2:f0:
fd:e5:68:bc:62:5f:6e:cf:99:dd:ef:1b:63:fe:92:
65:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
88:27:17:09:A9:B6:18:60:8B:EC:EB:BA:F6:47:59:C5:52:54:A3:B7
X509v3 Authority Key Identifier:
keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.apple.com/appleca/root.crl
1.2.840.113635.100.6.2.1:
..
Signature Algorithm: sha1WithRSAEncryption
da:32:00:96:c5:54:94:d3:3b:82:37:66:7d:2e:68:d5:c3:c6:
b8:cb:26:8c:48:90:cf:13:24:6a:46:8e:63:d4:f0:d0:13:06:
dd:d8:c4:c1:37:15:f2:33:13:39:26:2d:ce:2e:55:40:e3:0b:
03:af:fa:12:c2:e7:0d:21:b8:d5:80:cf:ac:28:2f:ce:2d:b3:
4e:af:86:19:04:c6:e9:50:dd:4c:29:47:10:23:fc:6c:bb:1b:
98:6b:48:89:e1:5b:9d:de:46:db:35:85:35:ef:3e:d0:e2:58:
4b:38:f4:ed:75:5a:1f:5c:70:1d:56:39:12:e5:e1:0d:11:e4:
89:25:06:bd:d5:b4:15:8e:5e:d0:59:97:90:e9:4b:81:e2:df:
18:af:44:74:1e:19:a0:3a:47:cc:91:1d:3a:eb:23:5a:fe:a5:
2d:97:f7:7b:bb:d6:87:46:42:85:eb:52:3d:26:b2:63:a8:b4:
b1:ca:8f:f4:cc:e2:b3:c8:47:e0:bf:9a:59:83:fa:da:98:53:
2a:82:f5:7c:65:2e:95:d9:33:5d:f5:ed:65:cc:31:37:c5:5a:
04:e8:6b:e1:e7:88:03:4a:75:9e:9b:28:cb:4a:40:88:65:43:
75:dd:cb:3a:25:23:c5:9e:57:f8:2e:ce:d2:a9:92:5e:73:2e:
2f:25:75:15
Answer 2
Or, to avoid potentially complex parsing of the openssl output, you can specify just the field of interest, e.g.:
security find-certificate -p -c "Apple Worldwide Developer Relations Certification Authority" | openssl x509 -enddate -noout
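
The comparison asked about in the question, done in Ruby (the language of the spaceship gem) with the standard openssl library instead of parsing openssl x509 text. This is an added example, not code from the original posts. The helper names, the :created/:expires keys on the portal records, and the sample certificates generated inline are assumptions made for illustration.

```ruby
require "openssl"

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Split concatenated PEM text (the shape `security find-certificate -a -p`
# emits) and return one record per certificate, with no text scraping.
def parse_keychain_pem(pem_text)
  pem_text.scan(PEM_BLOCK).map do |pem|
    cert = OpenSSL::X509::Certificate.new(pem)
    { subject: cert.subject.to_s, serial: cert.serial.to_i,
      not_before: cert.not_before.utc, not_after: cert.not_after.utc }
  end
end

# Portal records (hypothetical :created/:expires keys) that have no local
# certificate with the same validity window, compared to the second.
def missing_locally(portal_records, local_certs)
  windows = local_certs.map { |c| [c[:not_before].to_i, c[:not_after].to_i] }
  portal_records.reject do |r|
    windows.include?([r[:created].to_i, r[:expires].to_i])
  end
end

# Constructed sample input: a throwaway self-signed certificate in PEM form.
def sample_pem(cn, not_before, not_after, serial)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  a = [Time.utc(2023, 1, 10, 12), Time.utc(2024, 1, 10, 12)]
  b = [Time.utc(2022, 6, 1, 9), Time.utc(2023, 6, 1, 9)]
  local = parse_keychain_pem(sample_pem("Dev A", *a, 1) + sample_pem("Dev B", *b, 2))
  portal = [{ name: "Dev A", created: a[0], expires: a[1] },
            { name: "Dev C", created: Time.utc(2023, 3, 1), expires: Time.utc(2024, 3, 1) }]
  local.each { |c| puts "#{c[:subject]}  #{c[:not_before]} -> #{c[:not_after]}" }
  puts "not installed: #{missing_locally(portal, local).map { |r| r[:name] }.join(', ')}"
end
```

On a Mac, the text passed to parse_keychain_pem would be the output of security find-certificate -a -p (optionally with -c to filter by name). Two certificates can share a validity window, so the serial field is returned as well for cases where the dates alone are ambiguous.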