Compare a certificate's SHA-256 fingerprint with Google's transparency report

1

Say I want to verify an https certificate. Suppose I know its SHA-256 fingerprint; how do I compare it with the lookup tool of this service, which apparently only gives me the serial number?

edit1: can https://crt.sh be considered at least as trustworthy as the service I linked above for performing such a check?

    
asked by jj_p 28.09.2017 - 20:55

1 answer

2

You can get all the same information with the following command.

$ echo -n | openssl s_client -connect www.security.us.hsbc.com:443 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        5e:b9:cb:83:5f:9a:71:a1:e6:78:33:0a:b2:c7:d7:0d
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
    Validity
        Not Before: Jan 15 00:00:00 2016 GMT
        Not After : Jan 15 23:59:59 2018 GMT
    Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Virginia/businessCategory=Private Organization/serialNumber=413208, C=US/postalCode=22102, ST=Virginia, L=Mclean/street=1800 TYSONS BLVD STE 50, O=HSBC BANK USA, NATIONAL ASSOCIATION, OU=NL-01-02, CN=www.security.us.hsbc.com
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (2048 bit)
            Modulus (2048 bit):
                00:d6:14:f8:83:70:19:10:10:21:8d:4a:69:fb:f7:
                a7:de:75:5d:08:6e:9a:2b:ca:7d:c4:97:c4:2f:63:
                e8:d5:13:7a:c1:8b:67:4e:98:0b:8b:f6:e9:95:ed:
                a8:74:30:7a:17:df:4e:e1:75:ac:73:0b:ec:f2:cf:
                16:c6:d9:50:86:95:23:77:61:0c:40:2f:06:73:90:
                0e:9b:dd:8e:e2:af:08:7b:52:ef:3b:d2:82:03:a6:
                6e:ff:4a:f5:86:e4:26:d0:3b:de:56:f8:09:e9:b8:
                ca:a7:22:39:f2:f6:64:3d:33:3a:76:44:d4:b8:8b:
                c0:c7:97:6a:d0:ab:4a:c2:10:5d:87:d4:dd:8b:a7:
                eb:40:1e:8b:5d:e6:22:29:4e:02:fa:01:81:39:73:
                5f:09:46:aa:c0:f5:23:5e:59:2f:d3:ef:91:86:d8:
                e2:a6:e0:fd:dc:17:26:a7:d5:60:2a:2f:a5:2c:49:
                c4:4f:8f:d5:4d:a2:10:bc:01:a9:81:2f:96:8a:60:
                c2:65:60:b6:7e:8a:2f:ab:35:99:4e:a5:43:cb:d7:
                19:9a:65:ba:be:1c:57:95:78:d5:2e:a9:ab:bc:46:
                7b:c5:56:d4:c2:83:c6:81:0b:a0:1f:b9:3d:24:2c:
                24:29:71:9f:15:33:d8:7c:a5:dc:c1:a5:41:64:86:
                ca:49
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Subject Alternative Name: 
            DNS:security.us.hsbc.com, DNS:www.security.us.hsbc.com, DNS:www1.security.us.hsbc.com, DNS:www2.security.us.hsbc.com
        X509v3 Basic Constraints: 
            CA:FALSE
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Certificate Policies: 
            Policy: 2.16.840.1.113733.1.7.23.6
              CPS: https://d.symcb.com/cps
              User Notice:
                Explicit Text: https://d.symcb.com/rpa

        X509v3 Authority Key Identifier: 
            keyid:01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A

        X509v3 CRL Distribution Points: 
            URI:http://sr.symcb.com/sr.crl

        Authority Information Access: 
            OCSP - URI:http://sr.symcd.com
            CA Issuers - URI:http://sr.symcb.com/sr.crt

Note that this contains the same information as crt.sh

    
answered by MikeSchem 28.09.2017 - 22:48
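Added example, not part of the original answer: the command above prints the certificate fields but not the SHA-256 fingerprint the question starts from, so these shell functions compute the fingerprint and the serial number with openssl and compare the fingerprint against a known value. The function names and the throwaway self-signed `demo.example` certificate are assumptions, constructed so the script runs offline.

```shell
#!/bin/sh
# Added example; function names and the demo certificate are assumptions.

# Strip colons/whitespace and lowercase, so "AB:CD" and "abcd" compare equal.
normalize_hex() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint (digest of the DER encoding) of the PEM certificate in $1.
cert_sha256() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalize_hex "${out#*=}"    # output looks like "...Fingerprint=AB:CD:..."
}

# Serial number of the certificate in $1, as lowercase hex.
cert_serial() {
    out=$(openssl x509 -in "$1" -noout -serial) || return 1
    normalize_hex "${out#*=}"    # output looks like "serial=5EB9..."
}

# Exit 0 if the certificate in $1 has SHA-256 fingerprint $2, 1 on mismatch,
# 2 if $2 is not 64 hex digits (e.g. a SHA-1 fingerprint pasted by mistake).
fingerprint_matches() {
    want=$(normalize_hex "$2")
    case "$want" in *[!0-9a-f]*) return 2 ;; esac
    [ "${#want}" -eq 64 ] || return 2
    got=$(cert_sha256 "$1") || return 1
    [ "$got" = "$want" ]
}

# Constructed test input: a throwaway self-signed certificate written to $1.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days 1 -subj "/CN=demo.example" 2>/dev/null
}

# For a live server, save the served certificate first (needs network):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null |
#       openssl x509 > served.pem
demo=$(mktemp -d)
make_demo_cert "$demo/cert.pem"
known=$(cert_sha256 "$demo/cert.pem")   # stands in for the fingerprint you already hold
fingerprint_matches "$demo/cert.pem" "$known" && echo "fingerprint matches"
echo "serial to look up: $(cert_serial "$demo/cert.pem")"
rm -rf "$demo"
```

The fingerprint is a digest of the whole DER-encoded certificate, so a match on it identifies the exact certificate, whereas a serial number is only unique per issuer and has to be read together with the Issuer field.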
