Viewing the contents of a server certificate (Windows 10)

Let's look at the contents of the server certificate for the Nintendo website (nintendo.co.jp).
On Windows 10, I ran the command in Git Bash to view the contents of the server certificate.
The Git Bash version used was "git version 2.40.0.windows.1".

RFC 3280 states that digital certificates use the X.509 version 3 format.
Nintendo's X.509 certificate shows Version: 3 (0x2).
The X509v3 CRL Distribution Points extension is set.
X509v3 CRL Distribution Points is one of the extension fields of an X.509 certificate.
The X509v3 CRL Distribution Points extension field indicates where the CRL can be obtained. It contains information such as the URL or file path used to download the CRL.




$ openssl x509 -in www-nintendo-co-jp.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:4d:69:30:8a:da:e0:45:85:d0:27:cf:e5:fc:e6:fb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Mar 23 23:59:59 2024 GMT
        Subject: C = JP, ST = Kyoto, L = Kyoto, O = "Nintendo Co., Ltd.", CN = www.nintendo.co.jp
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:a1:fd:17:aa:ec:0b:20:51:2d:4c:0c:d7:
                    f8:a7:70:7a:e0:8d:f3:ed:7b:11:44:8f:6f:2d:83:
                    e2:4d:33:76:46:37:1b:62:a8:b4:fd:f6:77:48:80:
                    f0:44:c4:81:a4:05:41:08:80:ea:44:02:e3:48:56:
                    ba:41:83:fd:20:b4:b4:d4:fd:64:fe:13:73:a6:73:
                    62:ae:20:62:53:f9:42:7d:5f:f5:a3:a7:57:30:fe:
                    67:dc:b2:fe:c0:ba:0a:25:d2:33:c3:2b:6d:63:a7:
                    dc:15:31:b2:52:14:c8:2a:8a:66:76:a5:8f:5f:13:
                    41:63:ea:f6:2f:70:6c:6a:b4:91:84:20:16:c8:b8:
                    46:00:d1:65:a3:64:cc:75:ed:86:ab:a8:ea:3e:4e:
                    64:2c:e6:57:ce:72:c8:27:7c:f2:ad:66:e4:0c:47:
                    f4:49:1f:a1:10:44:76:b0:cc:a4:8d:2d:26:fc:91:
                    90:dd:3e:c4:d6:8e:49:28:92:a8:38:ab:72:1e:bb:
                    cf:de:2d:9b:68:00:cb:0f:3d:2b:66:75:bd:6e:ad:
                    92:e9:ce:80:d9:2c:b4:49:c1:dd:9d:cb:9a:df:5e:
                    72:86:35:e2:fc:58:e4:18:8d:e3:52:fd:93:f9:79:
                    17:bd:c2:33:c5:e7:38:b6:6a:20:cc:18:19:0c:cf:
                    0d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4

            X509v3 Subject Key Identifier:
                EC:DD:40:BC:CC:14:3B:94:2B:C7:9B:A4:22:2A:20:C8:C2:FD:A6:2B
            X509v3 Subject Alternative Name:
                DNS:www.nintendo.co.jp, DNS:store.nintendo.co.jp
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

                Full Name:
                  URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

            X509v3 Basic Constraints:
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Feb 21 05:08:59.728 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:5D:09:8B:8F:AC:F1:4B:DE:E1:DE:1B:73:
                                DB:0A:0F:36:82:AF:34:CD:4F:FF:03:45:9F:FA:CB:86:
                                61:C7:D2:B8:02:21:00:B3:EA:03:C2:0D:6F:10:6D:09:
                                A1:E1:6C:F8:7A:47:3F:41:86:D6:DB:BF:B4:CE:8A:D2:
                                D8:7E:A8:6B:01:29:60
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
                                1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
                    Timestamp : Feb 21 05:08:59.782 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D7:C5:7C:F9:B3:7A:85:3B:30:08:C8:
                                C4:46:E5:F4:67:70:12:25:C8:30:E3:95:E2:83:E0:C6:
                                34:F2:74:29:35:02:20:75:D6:6B:6B:AC:8E:73:08:3D:
                                D7:54:94:44:E4:FA:7D:F3:31:E3:1B:54:E7:8B:B9:9A:
                                E6:17:41:8A:35:54:4F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Feb 21 05:08:59.722 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:9C:C9:67:22:36:68:4C:A7:A2:DD:54:
                                18:25:49:4D:B9:8B:04:2B:36:0E:B7:92:D7:16:56:82:
                                EC:3E:A8:21:91:02:20:4C:15:ED:53:AD:A5:84:CC:86:
                                97:41:55:93:0F:D4:FB:9F:28:43:AE:09:87:66:56:A9:
                                87:08:00:09:9B:AD:C9
    Signature Algorithm: sha256WithRSAEncryption
         ae:f4:44:6e:9b:4d:01:3f:b3:35:72:d0:b5:37:47:12:ef:73:
         5d:5e:9a:ea:dd:c6:6d:40:b5:5e:f0:31:14:60:9c:61:e9:cc:
         e5:e7:b6:11:9b:e7:d3:64:5f:df:d8:93:17:ce:b6:a0:08:20:
         6e:85:51:c7:ec:7b:57:af:a8:16:f9:1f:cb:c9:21:ed:59:f3:
         8b:f8:42:12:47:95:09:7a:75:21:89:bb:86:ee:e1:2f:66:2d:
         10:30:40:58:1d:66:ad:13:cb:ee:f6:ca:aa:89:46:88:b1:c7:
         f4:cb:e4:eb:d9:79:cf:95:37:44:8a:15:e5:da:48:20:47:14:
         ba:58:74:93:c2:88:18:3f:89:8a:cf:a7:d8:c0:4b:ae:96:6f:
         7b:48:53:b3:19:1d:b5:52:ff:a1:88:9f:46:ea:e7:11:dd:da:
         ca:48:54:e8:8a:f1:15:74:9c:a1:82:12:dc:00:8a:c1:20:74:
         8a:9f:3b:5e:51:74:c0:30:f1:9e:f2:ec:92:da:ef:39:1b:08:
         62:9f:50:4c:53:28:bf:bb:d7:fa:14:f9:3d:47:b2:55:3b:a8:
         d9:92:78:c7:99:d6:9f:e1:42:a8:da:17:65:aa:c0:54:d3:c1:
         be:9a:db:74:0f:db:b9:d1:7d:2e:17:20:e8:17:d5:25:94:11:
         fc:6b:d4:27
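
The following is an added example, not part of the original post: a shell function that pulls only the CRL Distribution Points URIs out of the text output above, skipping the CPS, OCSP and CA Issuers URIs that sit in neighbouring extensions. The names `sample_cert_text` and `crl_uris` are hypothetical, and the embedded sample is an excerpt of the output shown on this page.

```shell
#!/bin/sh
# Added example: list only the CRL Distribution Point URIs from the text
# form of a certificate, ignoring the CPS, OCSP and CA Issuers URIs.

# Excerpt of the `openssl x509 -text -noout` output shown on this page.
sample_cert_text() {
cat <<'EOF'
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

                Full Name:
                  URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
EOF
}

# crl_uris (hypothetical helper): reads certificate text on stdin and prints
# one CRL URI per line. The section starts at its header line and ends at
# the next non-blank line indented no deeper than that header.
crl_uris() {
  awk '
    /X509v3 CRL Distribution Points:/ {
      match($0, /^ */); depth = RLENGTH; in_cdp = 1; next
    }
    in_cdp && NF {
      match($0, /^ */)
      if (RLENGTH <= depth) { in_cdp = 0; next }
      if (sub(/^ *URI:/, "")) print
    }
  '
}

# Show the two CRL URIs found in the sample.
sample_cert_text | crl_uris
```

To run it against the real file, pipe `openssl x509 -in www-nintendo-co-jp.pem -text -noout` into `crl_uris`.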