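What is OpenSSL?
- OpenSSL is a cryptographic software library used to transmit data securely over the Internet
- It supports the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols

What is s_client?
- One of the commands provided by the OpenSSL library
- It simulates an SSL/TLS client in order to establish and diagnose an SSL/TLS connection to a server.
- It lets you check an SSL/TLS server's certificate, connection state, encryption method, and so on

Looking up an SSL certificate with OpenSSL
If openssl is not installed, install it with the command # yum install openssl.
# openssl s_client -showcerts -connect <domain>:<port>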
[root@test ~]# openssl s_client -showcerts -connect google.com:443
CONNECTED(00000003)
depth=3 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
0 s:/CN=*.google.com
i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=*.google.com
issuer=/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 7454 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: E6BB81C91C47BEF419163ED08606D5CA3933A6183638FBCCD228712E25AE04F0
Session-ID-ctx:
Master-Key: 9F7E79EF016D5A95B27A3D4F5BFA10CFA9E1CEA47F8B6BCE8ADCAF5A34491E8685F32AAE505B897132F4DFC18E375A7B
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1718342836
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
HTTP/1.0 400 Bad Request
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1555
Date: Fri, 14 Jun 2024 05:27:21 GMT
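- Certificate chain: the certificate chain presented by the server. Each certificate is shown between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- Server certificate: information about the server's certificate. The subject and issuer are shown.
- SSL handshake: the number of bytes read and written during the SSL handshake, and the handshake state
- Verification: the certificate verification status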
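
By default s_client completes the handshake even when certificate verification fails, so the "Verify return code" line and the subject/issuer links in the chain are what need checking. The script below is an added example, not part of the original post: it audits saved s_client output offline, and the sample output, the example.test names, and the function names check_chain and audit_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of saved `openssl s_client -showcerts` output.
# SAMPLE is constructed (hypothetical names, PEM body elided).
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=*.example.test
   i:/C=US/O=Example Trust/CN=Example CA 1
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:/C=US/O=Example Trust/CN=Example CA 1
   i:/C=US/O=Example Trust/CN=Example Root
---
Server certificate
subject=/CN=*.example.test
---
    Verify return code: 0 (ok)
---'

# check_chain: reads s_client output on stdin, prints findings, and returns 0
# only when every issuer matches the next subject and verification returned 0.
check_chain() {
  awk '
    /^Certificate chain/ { in_chain = 1; next }
    /^---$/              { in_chain = 0 }   # section separator, not a PEM marker
    in_chain && /^ *[0-9]+ s:/ {
      sub(/^ *[0-9]+ s:/, ""); subj = $0
      if (n > 0 && subj != issuer) { print "BROKEN_LINK depth " n; bad = 1 }
      n++; next
    }
    in_chain && /^ *i:/ { sub(/^ *i:/, ""); issuer = $0; next }
    /Verify return code:/ {
      seen = 1; sub(/.*Verify return code: */, "")
      if ($1 != "0") { print "VERIFY_FAILED " $0; bad = 1 }
    }
    END {
      if (n == 0) { print "NO_CHAIN"; bad = 1 }
      if (!seen)  { print "NO_VERIFY_RESULT"; bad = 1 }
      if (!bad) print "OK certs=" n
      exit bad + 0
    }'
}

audit_sample() { printf '%s\n' "$SAMPLE" | check_chain; }
# Live use: openssl s_client -showcerts -connect <domain>:<port> </dev/null 2>/dev/null | check_chain
audit_sample
```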