![\"\"](\"https:\/\/www.linuxboxen.dk\/wp-content\/uploads\/2019\/11\/https_logoTP503.jpg\")
<\/p>\n<\/p>\n
<\/p>\n
Det kan v\u00e6re nyttigt at kontrollere et certifikat og en n\u00f8gle, f\u00f8r du anvender dem p\u00e5 din server. F\u00f8lgende kommandoer hj\u00e6lper med at verificere certifikatet, n\u00f8glen og CSR (anmodning om certifikatsignering).<\/p>\n
Et af de mest brugte er OpenSSL som er en opensource version af SSL protokollen.\u00a0 Der er versionen af OpenSSL for n\u00e6sten alle platforme, som Windows Linux Mac OS X. Det bliver blandet andet ogs\u00e5 bruge i Apache\/Nginx web servere med flere..<\/p>\n
Kontroller et certifikat og returner oplysninger om det (underskrivelse myndighed, udl\u00f8bsdato osv.):<\/p>\n
$ openssl x509 -in server.crt -text -noout\n$ openssl rsa -in server.crt -text -noout<\/pre>\nHer bruger vi f\u00f8rst x509 som er Certifikat display samt signing kommando.
\n-in Beskriver certifikat fil som skal l\u00e6ses.
\n-text -noout Sender output til din console.<\/p>\nFor at checke om key bruges.<\/h4>\n
$ openssl rsa -in server.key -check<\/pre>\n-check er parameteren for at checke Certifikat.<\/p>\n
RSA key ok\nwriting RSA key\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpgIBAAKCAQEAzKC0AC8t\/Sw8e0GvCwcazEI74Tezxe4R1d0UgcNkC8v9Mx6S\nAQMNd6KP5tqF5fuqLAjidcPKVBtncV8ip6a2nFvwPJ9pcHpgo2H0M5Clhi1TI1+d\nZR5xCi8ZDH2c\/j67B\/mIpZ5urEY8\/ymuPpTWKXRqAC0DmqYicAjfVyawlcxnn6bS\nSQuAmtjRcMQF9lVZFepXPA02qwtP0RWpSDQ+JD9J4Kg6mO9v52vS0Wm5vIY6gHlN\nXLJMlp4CyGOwMgBO31ynsXs5PBYd4OzGJr15c9uzfNNgk6Yft6L55vDV7vRkjO1M\naBmyCxa\/ppF2Enr6G4+LZXcgM9nkWvbObzOA2QIDAQABAoeBAQCx0PxaJKV8GZK9\nMQjhNl1NHklWnsbzurt48tK9KIOp1KvEXk5V3sc3LOaLn103ywfHmDjiSS9rAx1S\n4W8F7NNG8IXEyGohudZ8Y8SHgqyz+nMCjDYEBv4H8YF83zMrpGt2tJrQAOr\/fVHI\nEfo+m6u2\/liWqoc1PiUy4iLiYtaUdCvNfHAhU79DrzXefllezQuP4\/j6f7HvMX4R\nbckkK34G8\/rG6ti4rMrgASbKqjpXbBtqn3hczKhvskTurNlN8dK4oRy53Bu2AOvi\nu4ny3r+p0lFnxxHYMiFDq4bbv\/c68dtVp9yWWOChcKiwy8QnA7vh0LZ6FfLe8VYM\nG+S1w5MZAoGBAOghoRHeyH8dRRiPcmVAG\/\/OVHIEL7EuyEKmqWSmplX2qgOyT6N2\n40iHxaiQehCHC\/0Aa2E+rJ2znMhH4nUYPjWOVA0wHUtSM+xRQQiaxqfkuw4LsHaW\nJ+o56wu53ujSpdBQdHgaKeqjmCRNGvClfJpEW9k2iHv5qrTSCTMGlh6jAoGBAOGr\nGVWVepcnwxgkpYRsS2ihhJyumQWl0V8yzXXKW8\/W1kN10isbcRcmxq32hwt5k8vH\nMOPtBS7hckCVjVvihDcirh5fDlb7tWUtI6TXE0eU7ScuXzkSk1IZaOA8O6esj6QS\nBfDNifoU1y3Ze7\/S0ZuAqIGYjszXdd9Ou+MErUZTAoGBALlBtXk8kkiYRH+gY8yY\niH\/z3AMOgj1mt54xwji4o0Ex1Q4xnUs445UL\/lxTyYcNMC0fO5NlYH+PS82vSPTo\nfyVgzIWl44ssNJIiGsPSOj7d1ccU3yUVWw\/cX1CBa3vmOTzyKLF9N\/yxyQcXnit1\n9uZrLd5BnlVK4MjkY0EcvYv\/AoGBAKXl9crewrgrt54m7LNfNaemzemthXscaq40\nl8zXReWmR3\/ydt4P33SoofizupWZ\/CgbuHpm\/Z94R1jpWLFK9e3eheh38v\/JLZJC\nu+hr4JWIC0v5kDFR0ZHSckIepbBfcH2qbfrXoK6DcakYMBxV7JgH3ljfgWNfphzT\nMdbz0jpXAoGBAL+eIRHtBVvaGMOEX+9\/ZoB+WvSgbAhwiYxTuHYUbaXHwNcuVh2t\nlEn3ExKxmP6SnVKdwKDkSxylo9uMkcNwdais7IYJ7FxMfvPpYczYy6jZn3Tc85Q6\nuIt7PCYyHDRyVtO\/MUpZpAQ1nsfYzepD\/w2GY28tGM\/Dte4ijE2kJqaz\n-----END RSA PRIVATE KEY-----\n\n<\/pre>\n<\/p>\n
Check en CSR<\/h4>\n
For at checke CSR og udskrive CSR data som er udfyldt da det blev generet CSR:<\/p>\n
$ openssl req -text -noout -verify -in server.csr\nverify OK\nCertificate Request:\nData:\nVersion: 1 (0x0)\nSubject: C = DK, ST = Denmark, L = copenhagen, O = domain.dk, OU = linux, CN = domain.dk, emailAddress = admin@domain.dk\nSubject Public Key Info:\nPublic Key Algorithm: rsaEncryption\nRSA Public-Key: (2048 bit)\nModulus:\n00:cc:a0:b4:00:2f:2d:fd:2c:3c:7b:41:af:0b:07:\n1a:cc:42:3b:e1:37:b3:c5:ee:11:d5:dd:14:81:c3:\n64:0b:cb:fd:33:1e:92:01:03:0d:77:a2:8f:e6:da:\n85:e5:fb:aa:2c:08:e2:75:c3:ca:54:1b:67:11:5f:\n22:a7:a6:b6:9c:5b:f0:4c:9f:69:70:7a:60:a3:61:\nf4:33:90:a5:86:2d:53:23:5f:9d:65:1e:71:0a:2f:\n19:0c:7d:9c:fe:3e:bb:07:f9:88:a5:9e:6e:ac:46:\n3c:ff:29:ae:3e:94:d6:29:74:6a:00:2d:03:1a:a6:\n22:70:08:df:57:26:b0:95:cc:67:9f:a6:d2:49:0b:\n80:9a:d8:d1:70:c4:05:f6:55:59:15:ea:57:3c:0d:\n36:ab:0b:4f:d1:15:a9:48:34:3e:24:3f:49:e0:a8:\n3a:98:ef:6f:e7:6b:d2:31:69:b9:bc:46:3a:80:79:\n4d:5c:b2:4c:96:9e:02:c8:63:b0:32:00:4e:df:5c:\na7:b1:7b:39:3c:16:1d:e0:ec:c2:26:bd:79:73:db:\nb3:7c:d3:60:93:a6:1f:67:a2:f9:e6:f0:d5:ee:f4:\n64:8c:ed:4c:68:19:b2:0b:16:bf:a6:91:76:12:7a:\nfa:1b:8f:8b:65:77:20:33:d9:e4:5a:f6:ce:6f:33:\n80:d9\nExponent: 65537 (0x10001)\nAttributes:\na0:00\nSignature Algorithm: sha256WithRSAEncryption\n89:a7:26:96:35:86:28:00:90:27:21:cc:1c:2f:3a:fc:88:3b:\nb4:bc:bf:ac:af:ba:a9:c3:7b:11:3f:a2:7c:de:db:e2:98:03:\nea:79:3e:ac:25:67:1b:1b:83:a0:b8:07:2e:39:ae:bb:8e:22:\n7f:87:fc:7d:95:45:bd:09:44:1f:8f:cb:ba:4f:7f:0c:00:35:\n97:bb:2a:bc:a4:4d:11:cf:dd:b8:1a:c5:2f:9d:95:a0:aa:36:\ne0:7e:07:16:fb:39:88:10:d8:81:8e:50:0e:61:dc:a7:54:1b:\n32:11:37:0a:50:ee:45:d6:16:3f:24:c6:4e:03:8d:6d:6e:78:\n32:51:94:ca:43:4e:3b:9f:c6:88:0d:de:0a:e0:f7:3b:9a:83:\n04:f6:be:d0:05:bc:af:85:58:0b:7e:56:08:2c:cd:7b:ae:0b:\n5d:7e:90:86:c3:1c:c1:cb:9b:f8:5d:4b:16:7f:53:bf:d6:6d:\nc5:f8:6f:ad:be:35:2c:5c:47:c9:35:44:c0:e1:cb:44:8f:d5:\n6d:5a:e4:0e:31:ed:ee:b4:3c:ec:86:4b:69:0c:3b:55:01:90:\n7a:8d:51:25:4a:4a:41:2a:fe:5e:cc:22:bb:ee:93:b2:89:0f:\n8f:9d:6e:77:6b:03:07:b7:21:31:91:16:40:0d:20:97:9c:ba:\n41:31:66:43\n\n<\/pre>\n<\/p>\n
Check at certifikat og key passer sammen.<\/h4>\n
Disse to kommandoer udskriver md5 -kontrolsummer af certifikatet og n\u00f8glen; kontrolsummen kan sammenlignes for at kontrollere, at certifikatet og n\u00f8glen matcher.<\/p>\n
$ openssl x509 -noout -modulus -in server.crt| openssl md5\n$ openssl rsa -noout -modulus -in server.key| openssl md5<\/pre>\nMere om certifikater her https:\/\/www.linuxboxen.dk\/?page_id=31835&preview=true<\/a><\/p>\n