サーバー証明書を入れ替えした時、ちゃんと入れ替えられているかを確認するためのopensslの簡単なワンライナー
openssl s_client -connect {URL}:{PORT} < /dev/null 2> /dev/null | openssl x509 -text
例:
$ openssl s_client -connect blog.hokari.net:443 < /dev/null 2> /dev/null | openssl x509 -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:18:35:93:a4:d3:c6:3d:3f:db:ad:c9:37:af:8f:17:00:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Validity
Not Before: Jul 31 15:00:00 2017 GMT
Not After : Oct 29 15:00:00 2017 GMT
Subject: CN=blog.hokari.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b5:88:51:7d:f1:40:28:06:df:9f:d4:1f:5a:0f:
27:0c:07:12:e2:1b:b6:4f:00:a5:34:28:aa:f2:d7:
c0:9a:e7:e7:df:c9:ff:97:1c:7f:66:6a:ef:0c:cc:
d5:3a:5f:7c:a0:04:1b:01:00:f7:13:d0:3f:65:4d:
53:31:3a:1b:bd:fa:5c:4b:5f:e9:1d:a4:62:a7:07:
ed:03:60:e1:9d:f5:bc:95:f4:07:4f:08:7a:b2:91:
55:78:0b:b0:a2:ff:e9:0b:6c:e2:ca:1f:b8:dc:17:
93:ff:32:a1:05:a0:b1:88:b6:3d:d5:eb:1e:e2:63:
ad:9b:44:03:17:42:2d:e3:56:13:54:7d:8b:55:42:
e8:26:5b:10:bc:74:85:d2:90:76:56:ec:19:c7:70:
f6:22:e6:24:07:38:4a:52:a7:85:17:57:26:f9:29:
00:f6:6b:7d:3a:78:6a:6e:50:28:d7:1a:a0:1e:60:
4b:8b:4f:48:68:97:1c:62:d7:39:31:8e:bc:dc:5d:
13:bb:f5:b3:46:14:a4:87:18:49:cc:54:1a:9d:64:
a6:1a:e7:b3:c8:ba:33:25:26:1b:fd:50:ad:8e:fe:
06:ee:d7:4f:9c:91:92:04:8e:49:86:fa:d6:20:66:
38:54:b7:c9:ef:25:9a:80:25:e5:8d:85:52:22:cf:
89:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
AB:01:CA:87:45:73:C2:B2:1F:EC:2E:67:F8:68:6B:9B:6B:8E:98:E0
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1Authority Information Access:
OCSP – URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers – URI:http://cert.int-x3.letsencrypt.org/X509v3 Subject Alternative Name:
DNS:blog.hokari.net
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/Signature Algorithm: sha256WithRSAEncryption
62:13:92:d8:32:63:a1:38:9d:cb:8c:e9:48:c8:89:b8:37:6b:
ad:30:e5:88:c7:d1:28:aa:0e:ba:9c:2b:fa:52:00:a7:63:e1:
d2:1a:11:12:71:cd:42:69:b7:53:63:c8:59:ce:da:de:b3:31:
df:aa:de:6a:d6:b5:f1:26:03:df:75:03:89:3e:6c:d3:de:79:
5a:a6:ed:c1:fe:5c:0d:a2:7c:5f:9b:4d:e7:2d:56:f4:a7:2a:
cf:b1:e9:89:2f:41:ce:ea:87:6b:18:35:08:41:45:77:11:d5:
13:71:87:68:8f:47:0c:c3:f7:75:26:45:4e:06:1e:78:a4:6f:
45:f9:1d:ef:71:9e:2e:24:1f:99:fc:ae:32:50:ff:8b:e8:fd:
1c:26:c2:f6:38:52:db:81:df:1c:29:8f:56:b4:85:c4:b0:ea:
c5:fd:2e:c0:e9:7b:61:e6:13:c9:b9:8a:63:f7:59:9d:2f:76:
4a:0d:77:33:21:3d:ca:78:11:8b:93:38:2d:8e:d4:50:56:08:
64:99:7b:4f:ab:99:4a:34:7b:49:b1:48:36:6d:74:e5:f8:24:
6e:d7:38:1a:d3:2b:e2:f8:a1:c3:10:11:66:74:48:9b:21:f0:
d4:c6:f1:b2:2c:ed:6f:4a:b8:23:27:c0:98:eb:eb:72:ea:4d:
05:13:9b:8d
—–BEGIN CERTIFICATE—–
MIIFATCCA+mgAwIBAgISAxg1k6TTxj0/263JN6+PFwCoMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA3MzExNTAwMDBaFw0x
NzEwMjkxNTAwMDBaMBoxGDAWBgNVBAMTD2Jsb2cuaG9rYXJpLm5ldDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALWIUX3xQCgG35/UH1oPJwwHEuIbtk8A
pTQoqvLXwJrn59/J/5ccf2Zq7wzM1TpffKAEGwEA9xPQP2VNUzE6G736XEtf6R2k
YqcH7QNg4Z31vJX0B08IerKRVXgLsKL/6Qts4sofuNwXk/8yoQWgsYi2PdXrHuJj
rZtEAxdCLeNWE1R9i1VC6CZbELx0hdKQdlbsGcdw9iLmJAc4SlKnhRdXJvkpAPZr
fTp4am5QKNcaoB5gS4tPSGiXHGLXOTGOvNxdE7v1s0YUpIcYScxUGp1kphrns8i6
MyUmG/1QrY7+Bu7XT5yRkgSOSYb61iBmOFS3ye8lmoAl5Y2FUiLPiWUCAwEAAaOC
Ag8wggILMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUqwHKh0VzwrIf7C5n+Ghrm2uO
mOAwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEE
YzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQu
b3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQu
b3JnLzAaBgNVHREEEzARgg9ibG9nLmhva2FyaS5uZXQwgf4GA1UdIASB9jCB8zAI
BgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8v
Y3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRp
ZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGll
cyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBv
bGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5
LzANBgkqhkiG9w0BAQsFAAOCAQEAYhOS2DJjoTidy4zpSMiJuDdrrTDliMfRKKoO
upwr+lIAp2Ph0hoREnHNQmm3U2PIWc7a3rMx36reata18SYD33UDiT5s0955Wqbt
wf5cDaJ8X5tN5y1W9Kcqz7HpiS9BzuqHaxg1CEFFdxHVE3GHaI9HDMP3dSZFTgYe
eKRvRfkd73GeLiQfmfyuMlD/i+j9HCbC9jhS24HfHCmPVrSFxLDqxf0uwOl7YeYT
ybmKY/dZnS92Sg13MyE9yngRi5M4LY7UUFYIZJl7T6uZSjR7SbFINm105fgkbtc4
GtMr4vihwxARZnRImyHw1Mbxsiztb0q4IyfAmOvrcupNBRObjQ==
—–END CERTIFICATE—–
$