OpenSSL检测证书状态

因博客升级为https了 ,而且申请的是免费一年的证书,为了不让证书掉了,所以想实现检测证书状态是否过期,撤销来提醒自己来更新证书。

证书检测

openssl ocsp -issuer ca.pem -cert blog.jhonse.com.pem -url openssl x509 -in  blog.jhonse.com.pem -noout -ocsp_uri -CAfile ca.pem -header 'host' 'ocsp.int-x3.letsencrypt.org'

证书状态

撤销

blog.jhonse.com.pem: revoked
This Update: Feb 23 18:24:22 2020 GMT
Next Update: Feb 24 06:24:22 2020 GMT
Reason: keyCompromise
Revocation Time: Feb 11 17:37:40 2020 GMT
正常

blog.jhonse.com.pem: good
This Update: Feb 23 19:31:11 2020 GMT
Next Update: Feb 24 07:31:11 2020 GMT

备注

p12转pem

openssl pkcs12 -passin pass:1234 -in blog.jhonse.com.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > blog.jhonse.com.pem
p12转key

openssl pkcs12 -passin pass:1234 -in blog.jhonse.com.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > blog.jhonse.com.key
p12转ca

openssl pkcs12 -passin pass:1234 -in blog.jhonse.com.p12 -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ca.pem
pem转cer 

 openssl x509 -outform der -in blog.jhonse.com.pem -out blog.jhonse.com.cer 
cer转pem

 openssl x509 -inform der -in blog.jhonse.com.cer -out blog.jhonse.com.pem 

Author: jhonse

Jhonse技术博客: http://blog.jhonse.com

Leave a Reply

Your email address will not be published. Required fields are marked *