certificate - How to decode a self-signed certificate

Tags: certificate public-key

When creating a public/private key pair and a certificate, the certificate we usually see looks like this:

        -----BEGIN CERTIFICATE-----
        XXX
        XXX
        ...
        XXX
        -----END CERTIFICATE-----

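If I understand correctly, the certificate should contain a lot of information, such as the issuer, dates, algorithm, public key, and so on.

Can anyone tell me how a browser decodes this certificate?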

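Best answer

Most programming languages have functions that do this, or you can use the OpenSSL command-line utility.

For example, in PHP you can use the openssl_x509_parse() function.

Here is a list of OpenSSL commands for getting certificate information. Most programming languages let you call system commands such as openssl.

Here is the information from the link, in case the page is removed: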

# Using the -text option will give you the full breadth of information.
openssl x509 -text -in cert.pem

# who issued the cert?
openssl x509 -noout -in cert.pem -issuer

# to whom was it issued?
openssl x509 -noout -in cert.pem -subject

# for what dates is it valid?
openssl x509 -noout -in cert.pem -dates

# the above, all at once
openssl x509 -noout -in cert.pem -issuer -subject -dates

# what is its hash value?
openssl x509 -noout -in cert.pem -hash

# what is its MD5 fingerprint?
openssl x509 -noout -in cert.pem -fingerprint

Here is the output of the -text full info option when run on a PayPal API public key:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CA, L=Mountain View, O=PayPal Inc., OU=live_certs, CN=live_api/[email protected]
        Validity
            Not Before: Feb 13 10:13:15 2004 GMT
            Not After : Feb 13 10:13:15 2035 GMT
        Subject: C=US, ST=CA, L=Mountain View, O=PayPal Inc., OU=live_certs, CN=live_api/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c1:47:4e:dd:fc:44:cc:4b:5c:9c:8e:d9:29:92:
                    f8:d7:65:ef:64:fb:a0:a2:78:bb:8b:b0:fb:a6:b0:
                    9e:d0:0b:5a:1d:37:3d:ec:26:20:9b:b3:6c:02:d2:
                    72:c4:d2:e2:c6:68:4b:57:ca:72:20:46:a2:1d:75:
                    80:87:c7:cf:29:6f:91:d3:5e:fe:12:65:eb:af:d1:
                    1a:aa:e3:e6:b1:5b:d3:cb:00:00:13:53:cc:34:e2:
                    aa:a3:69:25:e0:6c:62:cf:dc:d9:a8:86:a3:3a:6d:
                    5f:64:65:9c:19:2d:1f:e4:94:36:90:1a:8d:6e:f6:
                    e0:db:f6:5a:f8:62:7f:ab:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:9F:7C:BB:C6:6F:17:BD:59:3F:52:D7:0A:1B:EC:10:D6:64:94:6B
            X509v3 Authority Key Identifier:
                keyid:96:9F:7C:BB:C6:6F:17:BD:59:3F:52:D7:0A:1B:EC:10:D6:64:94:6B
                DirName:/C=US/ST=CA/L=Mountain View/O=PayPal Inc./OU=live_certs/CN=live_api/[email protected]
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        81:5f:3a:56:9a:80:5a:e5:ef:5f:a3:ab:a3:8a:89:d6:d6:15:
        21:3e:43:81:6a:44:eb:dd:80:83:8d:b6:1f:bc:91:22:bf:fd:
        8f:f8:8a:1b:84:e1:89:af:ce:7e:5c:78:4d:d2:fe:20:52:41:
        03:23:ca:f6:fe:b3:64:d6:6d:06:03:c1:ca:75:db:d3:8f:21:
        b0:fd:7a:97:6b:e2:d2:4e:50:d8:92:a2:3c:3b:04:7c:18:46:
        23:e1:e7:c4:b5:c4:69:45:80:71:57:c2:b1:01:6f:77:60:35:
        b3:14:6b:eb:b8:a9:e7:2d:b0:c0:17:a5:51:e7:0f:dc:08:c9:
        f9:87
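The decoding step itself, as an added example that is not part of the original answer: the text between the BEGIN/END lines is base64 of a DER structure, and DER is a nesting of tag-length-value elements that a parser walks to reach fields such as the serial number and validity dates. The names pem_to_der, read_tlv, children, decode_certificate and SAMPLE_PEM are assumptions of this example, and the sample is a constructed, unsigned structure that reuses the serial number and validity dates from the output above.

```python
import base64, re

def pem_to_der(pem):
    """Strip the PEM armor and base64-decode the body into DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def read_tlv(buf, pos, end):
    """Parse one DER element in buf[pos:end]; return (tag, value_start, value_end)."""
    (tag, length), pos = buf[pos:pos + 2], pos + 2   # ValueError if the header is cut short
    if length >= 0x80:                               # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("element runs past its container")
    return tag, pos, pos + length

def children(buf, start, end):   # yields (tag, value_start, value_end) per nested element
    while start < end:
        tag, value_start, start = read_tlv(buf, start, end)
        yield tag, value_start, start

def decode_certificate(der):
    """Walk Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, start, end = read_tlv(der, 0, len(der))
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    tbs, _sig_alg, _sig = children(der, start, end)
    fields = [f for f in children(der, *tbs[1:]) if f[0] != 0xA0]   # drop optional [0] version
    serial, _alg, _issuer, validity = fields[:4]
    not_before, not_after = (der[s:e].decode("ascii") for _, s, e in children(der, *validity[1:]))
    return {"serial": int.from_bytes(der[serial[1]:serial[2]], "big"), "not_before": not_before, "not_after": not_after}

def tlv(tag, *parts):   # minimal DER encoder, used only to build the sample below
    body = b"".join(parts)
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body

# Constructed, unsigned, certificate-shaped sample (dummy key and signature bytes).
alg = lambda oid_hex: tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)), tlv(0x05))
name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, b"example"))))
validity = tlv(0x30, tlv(0x17, b"040213101315Z"), tlv(0x17, b"350213101315Z"))
spki = tlv(0x30, alg("2a864886f70d010101"), tlv(0x03, b"\x00" + b"\x01" * 4))
tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x00"), alg("2a864886f70d010105"), name, validity, name, spki)
cert = tlv(0x30, tbs, alg("2a864886f70d010105"), tlv(0x03, b"\x00" + b"\xAA" * 4))
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode() + "-----END CERTIFICATE-----\n"
```

decode_certificate(pem_to_der(SAMPLE_PEM)) returns the serial number and the two UTCTime strings (YYMMDDhhmmssZ). It only reads fields; it does not verify the signature or decide whether the certificate is trusted.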

Regarding "certificate - How to decode a self-signed certificate", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11236903/
