DOC《OpenSSL简介》

1 (0x0) Serial Number: 02:41:00:00:16 Signature Algorithm: md2WithRSAEncryption //CA同志的数字签名的算法 Issuer: C=US, O=RSA Data Security, Inc., OU=Commercial //CA自报家门 Certification Authority Validity Not Before: Nov

4 18:58:34

1994 GMT //证书的有效期 Not After : Nov

3 18:58:34

1999 GMT Subject: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority Subject Public Key Info Public Key Algorithm: rsaEncryption RSA Public Key: (1000 bit) Modulus (1000 bit) 00:a4:fb:81:62:7b:ce:10:27:dd:e8:f7:be:6c:6e: c6:70:99:db:b8:d5:05:03:69:28:82:9c:72:7f:96: 3f:8e:ec:ac:29:92:3f:8a:14:f8:42:76:be:bd:5d: 03:b9:90:d4:d0:bc:06:b2:51:33:5f:c4:c2:bf:b6: 8b:8f:99:b6:62:22:60:dd:db:df:20:82:b4:ca:a2: 2f:2d:50:ed:94:32:de:e0:55:8d:d4:68:e2:e0:4c: d2:cd:05:16:2e:95:66:5c:61:52:38:1e:51:a8:82: a1:c4:ef:25:e9:0a:e6:8b:2b:8e:31:66:d9:f8:d9: fd:bd:3b:69:d9:eb Exponent:

65537 (0x10001) Signature Algorithm: md2WithRSAEncryption 76:b5:b6:10:fe:23:f7:f7:59:62:4b:b0:5f:9c:c1:68:bc:49: bb:b3:49:6f:21:47:5d:2b:9d:54:c4:00:28:3f:98:b9:f2:8a: 83:9b:60:7f:eb:50:c7:ab:05:10:2d:3d:ed:38:02:c1:a5:48: d2:fe:65:a0:c0:bc:ea:a6:23:16:66:6c:1b:24:a9:f3:ec:79: 35:18:4f:26:c8:e3:af:50:4a:c7:a7:31:6b:d0:7c:18:9d:50: bf:a9:26:fa:26:2b:46:9c:14:a9:bb:5b:30:98:42:28:b5:4b: 53:bb:43:09:92:40:ba:a8:aa:5a:a4:c6:b6:8b:57:4d:c5 其实这是我们看的懂的格式的证书内容,真正的证书都是加密过了的,其丑恶面容如下: -----BEGIN CERTIFICATE----- MIIDcTCCAtqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCQ0gxEjAQBgNVBAgTCWd1YW5nZG9uZzESMBAGA1UEBxMJZ3Vhbmd6aG91MREwDwYDVQQKEwhhc2lhaW5mbzELMAkGA1UECxMCc3cxDjAMBgNVBAMTBWhlbnJ5MSEwHwYJKoZIhvcNAQkBFhJmb3JkZXNpZ25AMjFjbi5jb20wHhcNMDAwODMwMDc0MTU1WhcNMDEwODMwMDc0MTU1WjCBiDELMAkGA1UEBhMCQ0gxEjAQBgNVBAgTCWd1YW5nZG9uZzESMBAGA1UEBxMJZ3Vhbmd6aG91MREwDwYDVQQKEwhhc2lhaW5mbzELMAkGA1UECxMCc3cxDjAMBgNVBAMTBWhlbnJ5MSEwHwYJKoZIhvcNAQkBFhJmb3JkZXNpZ25AMjFjbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMDYArTAhLIFacYZwP30Zu63mAkgpAjVHaIsIEJ6wySIZl2THEHjJ0kS3i8lyMqcl7dUFcAXlLYi2+rdktoGjBQMOtOHv1/cmo0vzuf38+NrAZSZT9ZweJfIlp8W9uyz8Dv5hekQgXFg/l3L+HSxwNvQalaOEw2nyf45/np/QhNpAgMBAAGjgegwgeUwHQYDVR0OBBYEFKBL7xGeHQSmICH5wBrOiqNFiildMIG1BgNVHSMEga0wgaqAFKBL7xGeHQSmICH5wBrOiqNFiildoYGOpIGLMIGIMQswCQYDVQQGEwJDSDESMBAGA1UECBMJZ3Vhbmdkb25nMRIwEAYDVQQHEwlndWFuZ3pob3UxETAPBgNVBAoTCGFzaWFpbmZvMQswCQYDVQQLEwJzdzEOMAwGA1UEAxMFaGVucnkxITAfBgkqhkiG9w0BCQEWEmZvcmRlc2lnbkAyMWNuLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAGQa9HK2mixM7ML70jZr1QJUHrBoabX2AbDchb4Lt3qAgPOktTc3F+K7NgB3WSVbdqC9r3YpS23RexU1aFcHihDn73s+PfhVjpT8arC1RQDg9bDPvUUYphdQC0U+HF72/CvxGCTqpnWiqsgwxqeog0A8H3doDrffw8Zb7408+Iqf -----END CERTIFICATE----- 证书都是有寿命的.就是上面的那个NotBefore和NotAfter之间的日子.过期的证书,如果没有特殊原因,都要摆在证书回收列(certificate revocation list)里面.证书回收列,英文缩写是CRL.比如一个证书的key已经被破了,或者证书拥有者没有权力再使用该证书,该证书就要考虑作废.CRL详细记录了所有作废的证书.CRL的缺省格式是PEM格式.当然也可以输出成我们可以读的文本格式.下面有个CRL的例子. -----BEGIN X509 CRL----- MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEwMDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUwMjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUwMjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUwMzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUwMzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUwMzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUwNDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUwNDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIFAAN+AHqOEJXSDejYy0UwxxrH/9+N2z5........