我有一个 SSL 证书和 SSL 密钥,可以检查它的到期时间吗?
例如 SSL 密钥:
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAm6fSmGzOj5kZHvqyaeo0vrl910o4spr6FH/Wai+vpCmS8vN+
rk6UlYunY1i52Z/Q2yn/zSRf2gCcu0m0ukYH64ZIw3IE/YP8lvJWjIiFsi8Aa6Lr
p5kKZzUfY4A7ZKwVv8piydTGiNWSsBnJ4mvfVfwu548HuLsQBZGMNeQ4GidmnEy
3tSK/0k4LQB3WdO8To75gxcy0HKicm//rqt+F0uMTTIv50nhCoghicPdtAaP1LS
fEGD9otf2STxAlHsHNRcqTqr4fkIeFU+NjbNRWcSCFzzEE7PqOBnw+aRH5ut4BJV
o7SVNe8dVIiKhEW8mLDZMIDE27hZT2ltPRAjyQIDAQABAoIBAQCPiutd33F54XDW
LdDcdbxgakTPhkXVB7A5uU5tLD6ogCJg5AXeDt9dLaWWq1rwgz4i7o9UigfOzaO7
35PH+A8TtwlhG8PYWqBUP3VrMfdBQ7D6kgsJystaNBYXN0kOZNfFv4jsocjYpUQa
Fyatwn5QdAmvq5O70/6UdzYRkqmrF7hxZwjp6Tx16O7p8FqNPyiBDOFZBNOu8qCR
KdIOS9pZJeckxYJqJ6A3W6khmmprfVO10NjPUzexwT5A5MXatgbjnP3AQVJes9GR
2o1XGcV1YBMxk7pvijOgXDGb9Vjq3NVXT0mDLZjH+Muj0h7qKHVDmEND2EYzYVjN
pNH2m8YRAoGBAO+hUM0BquHMDmUrl5dg1h0ZHm0bF7bATooSIVLGdXoow0HxF1dN
YDHn+oeL8d3RR3IlsRKpY1TQ2H/+5gmrJv1X9Kc4ka7mycO3I/C0PKzGi8ckfbKa
cltPZ+8GRKQbyOOjjF/Ob2dyohtsB/pwwhe7BUZ1mJpevbKypKvXtEYlAoGBAKZJ
8rjFkqX2nRQ3aB5sRh5zp1deuZyjLonfdsGsSin+CIB3nk3p1PxKQMjQyI7QVE9A
1yXIhiAup0xDbwG01stMwmQg2TtDt8vWEgZRXcoA+Fs2UpN5B/SjJAJ1jUSuxxo9
7UoenxNd+10eofjHub0gZMsUJiYCF26zHCADhnvVAoGBANdwd/2oVyLkW7jXpVWi
6T2F/NXo+rwCT1pRDIaoCKyIg2wAvpRt62NTBenhhtV/tzVH79gwVC7ICS2iVN0y
dD5nWn0RHeFaeuGsAPMCiF5prveetifiNZgkXvQF9aZ5mHYY7zafmYcvB9GRoeam
g8PSex6q0UVQkkpb1DLvHpPFAoGAFWmaRq6yRoquCWdlEd3RXaR43OhGsGPW30wW
J7Q+zI94mspMaS3+DgqlsvYnjTRIVvg7fBMJKmW3hzt7tNWLfxxAP9J3BomexjGn
moaptBRR5rTlBzZjjt3fCi4G5dw3qSpmPtAYnc7RSllic/2L7k2YjQnoK6bDS67m
pTyu+Y0CgYEA4zlOFpOXxrf8bOtrUYLpeBBiMGk1YkfY+LxejunlVe3K+TS10FoE
YoWVh/PtuSCYScgdCqylVNUTBq1GRK7K9ZXpFrViefo+Md68pqiWqOCdDMi5GyY8
0LIC6HDwAbxQBV14IUvvUuUq9Dcq6qBLSP//zo7jK5raN3DBPRt6Hr4=
-----END RSA PRIVATE KEY-----
ssl 证书(省略)
因为我有时在 macos 钥匙串中知道站点的证书有到期时间。如果我只知道 ssl 密钥和 ssl 证书数据,我是否可以得到到期时间?
答案1
密钥不会过期。证书会过期。证书是二进制数据。如果没有工具,它们是无法被人类读取的。
根据证书的编码方式,您可以将其重命名.cer
并在 Windows 上打开它。然后它会向您显示证书中的所有数据。
使用 OpenSSL,您可以在命令行上检查证书:
openssl x509 -text -noout -in cert.pem
OpenSSL 基本上适用于所有内容,但您可能必须先安装它。
你会得到类似这样的结果:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:11:24:0f:88:1e:34:22:06:94:05:d0:74:e5:be:96:00:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 16 13:25:30 2021 GMT
Not After : Aug 14 13:25:30 2021 GMT
Subject: CN=*.stackexchange.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:91:0f:2e:ad:e9:c1:d3:44:32:5a:a3:2d:f7:
ca:2f:25:6e:6b:e0:ca:39:d9:63:36:1e:b7:d1:21:
ae:cb:43:12:aa:11:80:dc:3b:30:a9:7b:02:ed:66:
c5:42:ea:b3:9b:61:5d:17:2f:4f:36:d4:fd:7e:df:
ae:da:97:7d:23:e0:e0:f4:be:19:83:9e:a3:1b:2b:
32:a3:11:74:40:6c:dd:e3:ef:20:ee:2d:dc:0f:c2:
49:ce:89:fe:b2:fb:5f:c4:66:55:b5:4e:8b:23:2a:
79:33:2b:e7:94:7f:5d:2a:d8:ea:45:11:35:63:e5:
b6:69:b6:6d:b4:05:50:f8:15:76:36:6c:97:c6:d8:
61:6d:91:18:8a:69:a0:7a:71:aa:4c:d6:fb:b0:d9:
58:8f:f2:f9:e1:c9:9d:54:3d:82:60:81:b2:59:c5:
6a:c7:ff:69:c0:f4:31:08:a1:61:da:62:35:82:d5:
63:7a:af:4b:66:9e:73:23:63:e8:de:30:74:c4:ed:
e0:31:5f:66:70:66:27:fe:8e:a3:4f:c3:98:66:fc:
af:2c:0a:7d:f6:ce:e9:26:48:be:e7:12:7b:09:56:
7a:9a:f8:bc:9f:6d:5e:c1:56:a9:1b:70:cd:01:71:
87:a4:49:d1:3c:5b:31:bd:9d:77:4c:fe:7f:03:2d:
44:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
9C:66:DB:15:43:B5:06:86:B1:00:76:AC:9E:8F:5E:C0:3C:29:87:E8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.askubuntu.com, DNS:*.blogoverflow.com, DNS:*.mathoverflow.net, DNS:*.meta.stackexchange.com, DNS:*.meta.stackoverflow.com, DNS:*.serverfault.com, DNS:*.sstatic.net, DNS:*.stackexchange.com, DNS:*.stackoverflow.com, DNS:*.stackoverflow.email, DNS:*.superuser.com, DNS:askubuntu.com, DNS:blogoverflow.com, DNS:mathoverflow.net, DNS:openid.stackauth.com, DNS:serverfault.com, DNS:sstatic.net, DNS:stackapps.com, DNS:stackauth.com, DNS:stackexchange.com, DNS:stackoverflow.blog, DNS:stackoverflow.com, DNS:stackoverflow.email, DNS:stacksnippets.net, DNS:superuser.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
1.3.6.1.4.1.11129.2.4.2:
......v.D.e......@....(.......1.?.3........yu.Y5.....G0E.!....Q...g^Mrv..."gK
..Y|.q.....|.. d?...#...<...k..V.]J.._.&........v.}>.....Uh$....R.y+..x...j.h.~".....yu.Y].....G0E. ~<H..../Z1..%k.;.Q$$3....m...q)..!....w...O.!............J.C.He...L
Signature Algorithm: sha256WithRSAEncryption
18:05:01:11:f4:4e:e7:51:c4:5e:91:9e:3f:ec:bd:8b:32:85:
5d:74:08:f7:98:15:74:7b:9f:80:49:79:64:a8:ea:7b:0a:0c:
25:ed:08:d0:09:23:e2:48:55:ca:10:4e:d6:d9:d4:34:c3:85:
9b:2b:d0:c4:22:b0:d4:66:bf:49:3a:6d:7e:78:b3:e6:56:c3:
18:83:f4:31:0e:62:3f:34:a6:9d:c4:82:cd:45:13:60:2d:ca:
9e:7f:5c:63:f7:e4:49:8d:1b:a2:75:cd:72:97:fb:2a:c0:c7:
62:76:46:93:5f:8c:84:a4:42:99:50:f6:ef:aa:a6:f7:ab:41:
91:5c:7a:9e:b6:59:4b:e5:b2:da:47:7e:30:30:56:6d:84:0c:
aa:7e:14:80:6f:31:4e:6f:fa:84:d4:42:0c:ab:b8:8c:c6:77:
b1:96:e8:a1:e2:ba:e3:57:e1:f8:b4:b9:40:52:e1:da:62:4c:
d3:0c:7e:41:05:75:a6:ab:9b:71:54:07:36:93:83:f8:f3:38:
ba:b3:41:eb:32:64:39:74:62:6a:d0:18:6d:f7:72:5a:3a:d5:
08:e9:29:b0:e3:44:95:ac:2e:d7:29:b6:7a:3c:df:ad:08:55:
1a:e3:ce:c7:57:fe:8f:1f:66:25:ba:59:73:83:e1:53:ac:38:
a2:4d:36:39