更新时间:2022-06-10 05:15:15
这有点hacky,但 openssl x509
命令可以报告发行人和主题。如果主体和发行人是相同的,则是自签名的;如果它们不同,那么它是由CA签署的。 (严格来说,许多自签名证书也由CA签署 - 他们自己。)
It's a bit hacky, but the openssl x509
command can report both the issuer and the subject. If the subject and issuer are the same, it is self-signed; if they are different, then it was signed by a CA. (Strictly speaking, a great many self-signed certificates are also signed by a CA -- themselves.)
在测试这个理论时,我进行了一些测试;它运行如下:
While testing this theory, I ran a handful of tests; it runs something like:
cd /etc/ssl/certs
for f in *.0 ; do openssl x509 -in $f -issuer | head -1 > /tmp/$f.issuer ; openssl x509 -in $f -subject | head -1 > /tmp/$f.subject ; done
cd /tmp
sed -i -e s/issuer=// *.issuer
sed -i -e s/subject=// *.subject
cd /etc/ssl/certs/
for f in *.0 ; do diff -u /tmp/$f.issuer /tmp/$f.subject ; done
希望这会有所帮助。