域名证书文件包含两段证书
生活随笔
收集整理的這篇文章主要介紹了
域名证书文件包含两段证书
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
域名證書文件包含兩段證書
通過阿里云生成一個(gè)單域名證書的文件
一、單域名證書文件
1.1、證書內(nèi)容
pem]$ cat 2048227_www.xxx.com.cn.pem
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIQCEZS6MCdneB/9dgvdbLKLDANBgkqhkiG9w0BAQsFADBu
......
q9kYr+G8Ga0ILktc0/kgDeEEYCiMj0GCdKfAdEBCWsmSo9LFMqcSCr+zUSw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
......
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
-----END CERTIFICATE-----
1.2、將這兩段證書分別寫入到文件查看
第一段證書
這段證書是Encryption Everywhere DV TLS CA - G1頒發(fā)給www.xxx.com.cn的
pem]$ openssl x509 -in 1.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
......
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G1
Validity
Not Before: Apr 11 00:00:00 2019 GMT
Not After : Apr 10 12:00:00 2020 GMT
Subject: CN = www.xxx.com.cn
Subject Public Key Info:
......
X509v3 extensions:
......
Signature Algorithm: sha256WithRSAEncryption
......
第二段證書
這段證書是DigiCert Global Root CA頒發(fā)給Encryption Everywhere DV TLS CA - G1的
pem]$ openssl x509 -in 2.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:79:ac:45:8b:c1:b2:45:ab:f9:80:53:cd:2c:9b:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
Validity
Not Before: Nov 27 12:46:10 2017 GMT
Not After : Nov 27 12:46:10 2027 GMT
Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G1
Subject Public Key Info:
......
X509v3 extensions:
......
Signature Algorithm: sha256WithRSAEncryption
......
1.3、所以
所以DigiCert Global Root CA是根CA;Encryption Everywhere DV TLS CA - G1是小弟,中級(jí)CA;中級(jí)CA給www.xxx.com.cn域名辦法域名證書
二、通配域名證書文件
使用letsencrypt生成的通配證書:xxx.com *.xxx.com
2.1、證書內(nèi)容
也是兩段證書
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgISAybDGjCLRsJDjUnQ1qNen2QbMA0GCSqGSIb3DQEBCwUA
......
kbCSfpYWgkJhFbHnVsP8LKn9ftgudQEKJRfEEGzLwEbw9w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
......
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
2.2將這兩段證書分別寫入文件查看
第一段證書
Let's Encrypt Authority X3給xxx.com頒發(fā)的
[root@ubuntu ~]$ openssl x509 -in 1.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
......
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Jun 22 22:32:16 2020 GMT
Not After : Sep 20 22:32:16 2020 GMT
Subject: CN = xxx.com
Subject Public Key Info:
......
X509v3 extensions:
......
Signature Algorithm: sha256WithRSAEncryption
......
第二段
DST Root CA X3給Let's Encrypt Authority X3頒發(fā)的中間CA
[root@ubuntu ~]$ openssl x509 -in 2.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:01:41:42:00:00:01:53:85:73:6a:0b:85:ec:a7:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
Validity
Not Before: Mar 17 16:40:46 2016 GMT
Not After : Mar 17 16:40:46 2021 GMT
Subject: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Subject Public Key Info:
......
X509v3 extensions:
......
Signature Algorithm: sha256WithRSAEncryption
......
1.3、所以
所以DST Root CA X3是根CA,它給Let's Encrypt Authority X3頒發(fā)的中間CA,Let's Encrypt Authority X3給xxx.com頒發(fā)證書
三、所以
每個(gè)域名證書里面都要有中間CA證書證書那一段
總結(jié)
以上是生活随笔為你收集整理的域名证书文件包含两段证书的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 现代编程语言:zig
- 下一篇: 常用RGB色值表