How are website certificate files encrypted and read by Windows?

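I have a .crt file signed by a CA. I opened the file with cat and found that it is ASCII text. But when I double-click the .crt file in Windows, it opens it and somehow displays all the information inside. Does Windows automatically try all known CA public keys until it finds one that can turn the .crt file into information? How can I manually decrypt the certificate to see the information (preferably with Linux commands, since I know those better)?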

Answer 1

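The ASCII characters you see are the certificate, ASCII-encoded as per the SSL standard. You can use a variety of tools to decode (not decrypt) the certificate; here is an example: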

[me@anni tmp]$ cat /tmp/cert
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIDB9RMMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
[many lines deleted to save space]
n0lvNATb6/RC7CmSMw5RelfVqm19YorWPeQ8c/a6uHSgYhLboPeNTA==
-----END CERTIFICATE-----
[me@anni tmp]$ openssl x509 -text -noout -in /tmp/cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 513100 (0x7d44c)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
        Validity
            Not Before: Aug 16 06:07:05 2012 GMT
            Not After : Oct 16 09:42:56 2016 GMT
        Subject: serialNumber=5VXPb8ozky-0FKC/YsTB4dvcoUwVakXy, OU=GT42621204, OU=See www.rapidssl.com/resources/cps (c)12, OU=Domain Control Validated - RapidSSL(R), CN=www.teaparty.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:fd:b3:a2:5c:fa:33:0b:fa:14:8a:3a:3d:
[...]
                    f8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:6B:69:3D:6A:18:42:4A:DD:8F:02:65:39:FD:35:24:86:78:91:16:30

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:www.teaparty.net, DNS:teaparty.net
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://rapidssl-crl.geotrust.com/crls/rapidssl.crl

            X509v3 Subject Key Identifier: 
                1A:6D:59:8A:CD:C0:FD:AC:3C:D0:AF:C0:99:48:F5:5C:B9:AD:A9:E3
            X509v3 Basic Constraints: critical
                CA:FALSE
            Authority Information Access: 
                OCSP - URI:http://rapidssl-ocsp.geotrust.com
                CA Issuers - URI:http://rapidssl-aia.geotrust.com/rapidssl.crt

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.54
                  CPS: http://www.geotrust.com/resources/cps

    Signature Algorithm: sha1WithRSAEncryption
         28:30:d9:19:a8:5e:8e:56:f6:98:1c:e0:be:b3:39:6e:6f:4c:
[...]
         a0:f7:8d:4c

Answer 2

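Your .crt file is an X.509 standard certificate, stored in binary ASN.1 DER format and Base64-encoded. Software that reads these certificates knows how to interpret all of these formats and get at the information inside.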
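The layering described in this answer (PEM armor, then Base64, then ASN.1 DER) can be unwound without any key, which is why the first answer says "decode" rather than "decrypt". The Python sketch below is an added example, not part of the original answers; the sample input is a constructed toy structure rather than a real certificate, and all function names are illustrative.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
TAGS = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING", 0x05: "NULL",
        0x06: "OBJECT IDENTIFIER", 0x0C: "UTF8String", 0x13: "PrintableString",
        0x17: "UTCTime", 0x30: "SEQUENCE", 0x31: "SET"}

def pem_to_der(pem_text):
    """Strip the PEM armor and Base64-decode the body; no key is involved."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported multi-byte tag")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def walk(buf, start=0, end=None, depth=0):
    """List (depth, type, length) per element, recursing into constructed ones."""
    end = len(buf) if end is None else end
    out, pos = [], start
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        out.append((depth, TAGS.get(tag, "[tag 0x%02x]" % tag), ve - vs))
        if tag & 0x20:                 # constructed: the value is itself TLVs
            out += walk(buf, vs, ve, depth + 1)
        pos = ve
    return out

# Constructed toy input (NOT a real certificate): SEQUENCE { SEQUENCE { INTEGER, PrintableString } }
def make_tlv(tag, value):
    return bytes([tag, len(value)]) + value

SAMPLE_DER = make_tlv(0x30, make_tlv(0x30, make_tlv(0x02, (513100).to_bytes(3, "big")) + make_tlv(0x13, b"RapidSSL CA")))
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(SAMPLE_DER).decode()
```

Passing the text of a real .crt file to `pem_to_der` and then `walk` lists the same nesting that `openssl asn1parse` prints.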