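I bought an SSL certificate from GeoTrust. How does this work: I found two different chains and two different root CAs for one SSL certificate.
While checking the certificate chain on different devices, I found two different chains. Both chains are valid!
In one chain the root CA ends at C=US, O=Equifax, OU=Equifax Secure Certificate Authority, and in the other at root CA C=US, O=GeoTrust Inc., CN=GeoTrust Global CA.
The difference between these chains is that in the first chain "GeoTrust Global CA" is signed by "Equifax Secure Certificate Authority", while in the second "GeoTrust Global CA" is self-signed. But in both chains the fingerprint of "GeoTrust Global CA" is "C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E"; only the serial numbers differ.
How is this possible? I thought SSL certificates, their fingerprints and chains were unique!
Chain 1)
1a) C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA, signed by C=US, O=GeoTrust Inc., CN=GeoTrust Global CA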
Data:
Version: 3 (0x2)
Serial Number: 145106 (0x236d2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Validity
Not Before: Feb 26 21:32:31 2010 GMT
Not After : Feb 25 21:32:31 2020 GMT
Subject: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC
X509v3 Authority Key Identifier:
keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
1b) C=US, O=GeoTrust Inc., CN=GeoTrust Global CA, signed by C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Data:
Version: 3 (0x2)
Serial Number: 1227750 (0x12bbe6)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Validity
Not Before: May 21 04:00:00 2002 GMT
Not After : Aug 21 04:00:00 2018 GMT
Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
X509v3 Subject Key Identifier:
C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
X509v3 Basic Constraints: critical
CA:TRUE
1c) Root CA C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Data:
Version: 3 (0x2)
Serial Number: 903804111 (0x35def4cf)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Validity
Not Before: Aug 22 16:41:51 1998 GMT
Not After : Aug 22 16:41:51 2018 GMT
Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
X509v3 extensions:
X509v3 Private Key Usage Period:
Not After: Aug 22 16:41:51 2018 GMT
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Authority Key Identifier:
keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
X509v3 Subject Key Identifier:
48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
Chain 2)
2a) C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA, signed by C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Data:
Version: 3 (0x2)
Serial Number: 145106 (0x236d2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Validity
Not Before: Feb 26 21:32:31 2010 GMT
Not After : Feb 25 21:32:31 2020 GMT
Subject: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC
X509v3 Authority Key Identifier:
keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
2b) Root CA C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Data:
Version: 3 (0x2)
Serial Number: 144470 (0x23456)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Validity
Not Before: May 21 04:00:00 2002 GMT
Not After : May 21 04:00:00 2022 GMT
Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
X509v3 Authority Key Identifier:
keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
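Which two certificates do you think are the same? – EJP
**The subject and fingerprint of 1b and 2b!** But the issuers are different. How is it possible that 1b and 2b have the same fingerprint "C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E"? I thought the fingerprint includes the issuer information. In that case the fingerprints would have to be different. – TimCgn74
The serial numbers are different. – EJP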
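Added example, not part of the original question or comments: a small path builder that chains the dumped certificates by issuer name and key identifier, using only the fields shown in the openssl output above. In those dumps the value C0:7A:… is the X509v3 Subject Key Identifier of both 1b and 2b and the Authority Key Identifier of the DV SSL CA, so both are candidate issuers. The sketch performs no signature or validity checks, and the function names are hypothetical.

```python
from collections import namedtuple

# Names and key identifiers copied from the dumps in the question.
DV = "C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA"
GT = "C=US, O=GeoTrust Inc., CN=GeoTrust Global CA"
EFX = "C=US, O=Equifax, OU=Equifax Secure Certificate Authority"
DV_KEY = "8C:F4:D9:93:0A:47:BC:00:A0:4A:CE:4B:75:6E:A0:B6:B0:B2:7E:FC"
GT_KEY = "C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E"
EFX_KEY = "48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4"

Cert = namedtuple("Cert", "label subject issuer serial ski aki")

# 1a and 2a are the same certificate (same serial), so they appear once.
CERTS = [
    Cert("1a/2a", DV, GT, 145106, DV_KEY, GT_KEY),
    Cert("1b", GT, EFX, 1227750, GT_KEY, EFX_KEY),
    Cert("1c", EFX, EFX, 903804111, EFX_KEY, EFX_KEY),
    Cert("2b", GT, GT, 144470, GT_KEY, GT_KEY),
]

def issuers_of(cert, pool):
    """Candidates whose subject is cert's issuer and whose SKI is cert's AKI."""
    return [c for c in pool
            if c is not cert and c.subject == cert.issuer and c.ski == cert.aki]

def build_paths(cert, pool, path=()):
    """Return every path from cert up to a self-signed certificate."""
    path = path + (cert,)
    if cert.subject == cert.issuer:  # self-signed: the path ends here
        return [path]
    paths = []
    for parent in issuers_of(cert, pool):
        if parent not in path:  # guard against loops between cross-signed CAs
            paths.extend(build_paths(parent, pool, path))
    return paths

def same_key_different_cert(pool):
    """Pairs sharing subject and SKI while differing in issuer or serial."""
    return [(a.label, b.label)
            for i, a in enumerate(pool) for b in pool[i + 1:]
            if a.subject == b.subject and a.ski == b.ski
            and (a.issuer, a.serial) != (b.issuer, b.serial)]

if __name__ == "__main__":
    for p in build_paths(CERTS[0], CERTS):
        print(" -> ".join(c.label for c in p))
    print("same subject and key id, different certificate:",
          same_key_different_cert(CERTS))
```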