是否可以检查 SSL 密钥的过期时间？

Question

密钥不会过期。证书会过期。证书是二进制数据。如果没有工具，它们是无法被人类读取的。

根据证书的编码方式，您可以将其重命名.cer并在 Windows 上打开它。然后它会向您显示证书中的所有数据。

使用 OpenSSL，您可以在命令行上检查证书：

openssl x509 -text -noout -in cert.pem

OpenSSL 基本上适用于所有内容，但您可能必须先安装它。

你会得到类似这样的结果：

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:11:24:0f:88:1e:34:22:06:94:05:d0:74:e5:be:96:00:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May 16 13:25:30 2021 GMT
            Not After : Aug 14 13:25:30 2021 GMT
        Subject: CN=*.stackexchange.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:91:0f:2e:ad:e9:c1:d3:44:32:5a:a3:2d:f7:
                    ca:2f:25:6e:6b:e0:ca:39:d9:63:36:1e:b7:d1:21:
                    ae:cb:43:12:aa:11:80:dc:3b:30:a9:7b:02:ed:66:
                    c5:42:ea:b3:9b:61:5d:17:2f:4f:36:d4:fd:7e:df:
                    ae:da:97:7d:23:e0:e0:f4:be:19:83:9e:a3:1b:2b:
                    32:a3:11:74:40:6c:dd:e3:ef:20:ee:2d:dc:0f:c2:
                    49:ce:89:fe:b2:fb:5f:c4:66:55:b5:4e:8b:23:2a:
                    79:33:2b:e7:94:7f:5d:2a:d8:ea:45:11:35:63:e5:
                    b6:69:b6:6d:b4:05:50:f8:15:76:36:6c:97:c6:d8:
                    61:6d:91:18:8a:69:a0:7a:71:aa:4c:d6:fb:b0:d9:
                    58:8f:f2:f9:e1:c9:9d:54:3d:82:60:81:b2:59:c5:
                    6a:c7:ff:69:c0:f4:31:08:a1:61:da:62:35:82:d5:
                    63:7a:af:4b:66:9e:73:23:63:e8:de:30:74:c4:ed:
                    e0:31:5f:66:70:66:27:fe:8e:a3:4f:c3:98:66:fc:
                    af:2c:0a:7d:f6:ce:e9:26:48:be:e7:12:7b:09:56:
                    7a:9a:f8:bc:9f:6d:5e:c1:56:a9:1b:70:cd:01:71:
                    87:a4:49:d1:3c:5b:31:bd:9d:77:4c:fe:7f:03:2d:
                    44:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9C:66:DB:15:43:B5:06:86:B1:00:76:AC:9E:8F:5E:C0:3C:29:87:E8
            X509v3 Authority Key Identifier: 
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/

            X509v3 Subject Alternative Name: 
                DNS:*.askubuntu.com, DNS:*.blogoverflow.com, DNS:*.mathoverflow.net, DNS:*.meta.stackexchange.com, DNS:*.meta.stackoverflow.com, DNS:*.serverfault.com, DNS:*.sstatic.net, DNS:*.stackexchange.com, DNS:*.stackoverflow.com, DNS:*.stackoverflow.email, DNS:*.superuser.com, DNS:askubuntu.com, DNS:blogoverflow.com, DNS:mathoverflow.net, DNS:openid.stackauth.com, DNS:serverfault.com, DNS:sstatic.net, DNS:stackapps.com, DNS:stackauth.com, DNS:stackexchange.com, DNS:stackoverflow.blog, DNS:stackoverflow.com, DNS:stackoverflow.email, DNS:stacksnippets.net, DNS:superuser.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            1.3.6.1.4.1.11129.2.4.2: 
                ......v.D.e......@....(.......1.?.3........yu.Y5.....G0E.!....Q...g^Mrv..."gK
..Y|.q.....|.. d?...#...<...k..V.]J.._.&........v.}>.....Uh$....R.y+..x...j.h.~".....yu.Y].....G0E. ~<H..../Z1..%k.;.Q$$3....m...q)..!....w...O.!............J.C.He...L
    Signature Algorithm: sha256WithRSAEncryption
         18:05:01:11:f4:4e:e7:51:c4:5e:91:9e:3f:ec:bd:8b:32:85:
         5d:74:08:f7:98:15:74:7b:9f:80:49:79:64:a8:ea:7b:0a:0c:
         25:ed:08:d0:09:23:e2:48:55:ca:10:4e:d6:d9:d4:34:c3:85:
         9b:2b:d0:c4:22:b0:d4:66:bf:49:3a:6d:7e:78:b3:e6:56:c3:
         18:83:f4:31:0e:62:3f:34:a6:9d:c4:82:cd:45:13:60:2d:ca:
         9e:7f:5c:63:f7:e4:49:8d:1b:a2:75:cd:72:97:fb:2a:c0:c7:
         62:76:46:93:5f:8c:84:a4:42:99:50:f6:ef:aa:a6:f7:ab:41:
         91:5c:7a:9e:b6:59:4b:e5:b2:da:47:7e:30:30:56:6d:84:0c:
         aa:7e:14:80:6f:31:4e:6f:fa:84:d4:42:0c:ab:b8:8c:c6:77:
         b1:96:e8:a1:e2:ba:e3:57:e1:f8:b4:b9:40:52:e1:da:62:4c:
         d3:0c:7e:41:05:75:a6:ab:9b:71:54:07:36:93:83:f8:f3:38:
         ba:b3:41:eb:32:64:39:74:62:6a:d0:18:6d:f7:72:5a:3a:d5:
         08:e9:29:b0:e3:44:95:ac:2e:d7:29:b6:7a:3c:df:ad:08:55:
         1a:e3:ce:c7:57:fe:8f:1f:66:25:ba:59:73:83:e1:53:ac:38:
         a2:4d:36:39

Answer 1

密钥不会过期。证书会过期。证书是二进制数据。如果没有工具，它们是无法被人类读取的。

根据证书的编码方式，您可以将其重命名.cer并在 Windows 上打开它。然后它会向您显示证书中的所有数据。

使用 OpenSSL，您可以在命令行上检查证书：

openssl x509 -text -noout -in cert.pem

OpenSSL 基本上适用于所有内容，但您可能必须先安装它。

你会得到类似这样的结果：

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:11:24:0f:88:1e:34:22:06:94:05:d0:74:e5:be:96:00:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May 16 13:25:30 2021 GMT
            Not After : Aug 14 13:25:30 2021 GMT
        Subject: CN=*.stackexchange.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:91:0f:2e:ad:e9:c1:d3:44:32:5a:a3:2d:f7:
                    ca:2f:25:6e:6b:e0:ca:39:d9:63:36:1e:b7:d1:21:
                    ae:cb:43:12:aa:11:80:dc:3b:30:a9:7b:02:ed:66:
                    c5:42:ea:b3:9b:61:5d:17:2f:4f:36:d4:fd:7e:df:
                    ae:da:97:7d:23:e0:e0:f4:be:19:83:9e:a3:1b:2b:
                    32:a3:11:74:40:6c:dd:e3:ef:20:ee:2d:dc:0f:c2:
                    49:ce:89:fe:b2:fb:5f:c4:66:55:b5:4e:8b:23:2a:
                    79:33:2b:e7:94:7f:5d:2a:d8:ea:45:11:35:63:e5:
                    b6:69:b6:6d:b4:05:50:f8:15:76:36:6c:97:c6:d8:
                    61:6d:91:18:8a:69:a0:7a:71:aa:4c:d6:fb:b0:d9:
                    58:8f:f2:f9:e1:c9:9d:54:3d:82:60:81:b2:59:c5:
                    6a:c7:ff:69:c0:f4:31:08:a1:61:da:62:35:82:d5:
                    63:7a:af:4b:66:9e:73:23:63:e8:de:30:74:c4:ed:
                    e0:31:5f:66:70:66:27:fe:8e:a3:4f:c3:98:66:fc:
                    af:2c:0a:7d:f6:ce:e9:26:48:be:e7:12:7b:09:56:
                    7a:9a:f8:bc:9f:6d:5e:c1:56:a9:1b:70:cd:01:71:
                    87:a4:49:d1:3c:5b:31:bd:9d:77:4c:fe:7f:03:2d:
                    44:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9C:66:DB:15:43:B5:06:86:B1:00:76:AC:9E:8F:5E:C0:3C:29:87:E8
            X509v3 Authority Key Identifier: 
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/

            X509v3 Subject Alternative Name: 
                DNS:*.askubuntu.com, DNS:*.blogoverflow.com, DNS:*.mathoverflow.net, DNS:*.meta.stackexchange.com, DNS:*.meta.stackoverflow.com, DNS:*.serverfault.com, DNS:*.sstatic.net, DNS:*.stackexchange.com, DNS:*.stackoverflow.com, DNS:*.stackoverflow.email, DNS:*.superuser.com, DNS:askubuntu.com, DNS:blogoverflow.com, DNS:mathoverflow.net, DNS:openid.stackauth.com, DNS:serverfault.com, DNS:sstatic.net, DNS:stackapps.com, DNS:stackauth.com, DNS:stackexchange.com, DNS:stackoverflow.blog, DNS:stackoverflow.com, DNS:stackoverflow.email, DNS:stacksnippets.net, DNS:superuser.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            1.3.6.1.4.1.11129.2.4.2: 
                ......v.D.e......@....(.......1.?.3........yu.Y5.....G0E.!....Q...g^Mrv..."gK
..Y|.q.....|.. d?...#...<...k..V.]J.._.&........v.}>.....Uh$....R.y+..x...j.h.~".....yu.Y].....G0E. ~<H..../Z1..%k.;.Q$$3....m...q)..!....w...O.!............J.C.He...L
    Signature Algorithm: sha256WithRSAEncryption
         18:05:01:11:f4:4e:e7:51:c4:5e:91:9e:3f:ec:bd:8b:32:85:
         5d:74:08:f7:98:15:74:7b:9f:80:49:79:64:a8:ea:7b:0a:0c:
         25:ed:08:d0:09:23:e2:48:55:ca:10:4e:d6:d9:d4:34:c3:85:
         9b:2b:d0:c4:22:b0:d4:66:bf:49:3a:6d:7e:78:b3:e6:56:c3:
         18:83:f4:31:0e:62:3f:34:a6:9d:c4:82:cd:45:13:60:2d:ca:
         9e:7f:5c:63:f7:e4:49:8d:1b:a2:75:cd:72:97:fb:2a:c0:c7:
         62:76:46:93:5f:8c:84:a4:42:99:50:f6:ef:aa:a6:f7:ab:41:
         91:5c:7a:9e:b6:59:4b:e5:b2:da:47:7e:30:30:56:6d:84:0c:
         aa:7e:14:80:6f:31:4e:6f:fa:84:d4:42:0c:ab:b8:8c:c6:77:
         b1:96:e8:a1:e2:ba:e3:57:e1:f8:b4:b9:40:52:e1:da:62:4c:
         d3:0c:7e:41:05:75:a6:ab:9b:71:54:07:36:93:83:f8:f3:38:
         ba:b3:41:eb:32:64:39:74:62:6a:d0:18:6d:f7:72:5a:3a:d5:
         08:e9:29:b0:e3:44:95:ac:2e:d7:29:b6:7a:3c:df:ad:08:55:
         1a:e3:ce:c7:57:fe:8f:1f:66:25:ba:59:73:83:e1:53:ac:38:
         a2:4d:36:39

是否可以检查 SSL 密钥的过期时间？

答案1

相关内容