2020 年 3 月 21 日
 

未启用双向验证时的openssl s_client请求

[root@ip-172-31-47-53 ~]# openssl s_client -connect api.iot.com:443
CONNECTED(00000003)
depth=2 C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM ROOT CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
   i:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
 1 s:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
   i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
 2 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
   i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
issuer=/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5136 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 62D71A0E3BD96BF7FB3890E13F0BE760153A9687C8D1CF6ADED63410C54EB79A
    Session-ID-ctx: 
    Master-Key: BDB9A9FD44557DA803D7B092E956CFB7A476362A98DFE195AE9567828399FFA8AA9D389A401539CE3CA4E19131F64455
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 37 ed 69 e7 17 db f4 0f-2b d1 76 a5 fd 7a 4c a9   7.i.....+.v..zL.
    0010 - 81 b2 88 94 e1 61 e1 81-3a 7b e8 14 4f e7 51 65   .....a..:{..O.Qe
    0020 - 73 20 e8 16 f8 b8 52 6e-b7 f9 3a 9d 94 92 e7 c9   s ....Rn..:.....
    0030 - 98 6c db 55 bd eb b9 83-18 41 a0 67 16 45 b7 c0   .l.U.....A.g.E..
    0040 - 76 de 48 97 36 a8 53 c5-d3 e6 98 b0 2d 73 96 1b   v.H.6.S.....-s..
    0050 - e3 a8 9e c9 ec 35 e3 06-f0 9b f4 b4 c3 e8 15 79   .....5.........y
    0060 - 5d 6e 97 c4 ae 43 b0 19-43 b3 bb e2 0f 98 10 8a   ]n...C..C.......
    0070 - 86 99 50 44 21 5c d9 ca-3e de 0c d2 05 89 1d bf   ..PD!\..>.......
    0080 - 92 f7 5e e9 25 26 f9 87-9b af 3d 73 9e f9 44 b2   ..^.%&....=s..D.
    0090 - 51 1b 65 ab 3c 4e e9 4b-79 04 d4 f1 49 33 0e b6   Q.e.<N.Ky...I3..
    00a0 - 6c f3 fe 74 b3 9b d4 76-cc 9f ce 69 ff f3 a4 1d   l..t...v...i....

    Start Time: 1584606277
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
closed
[root@ip-172-31-47-53 ~]#

自签CA使用openssl s_client调试时return code: 19的处理

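客户端通过 -CAfile 参数指定自签根CA的证书文件,s_client 才能把服务端证书链校验到受信任的根,Verify return code 随之变为 0 (ok)。注意 s_client 默认在校验失败(code 19)后仍会继续完成握手,因此判断证书是否可信应以 Verify return code 为准,而不是以连接是否建立为准: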

-CAfile ./ca/certs/ca.cert.pem

启用双向验证(服务端启用客户端证书验证)时的openssl s_client请求(本次请求未携带客户端证书,也未指定 -CAfile)

[root@ip-172-31-47-53 ~]# openssl s_client -connect api.iot.com:443
CONNECTED(00000003)
depth=2 C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM ROOT CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
   i:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
 1 s:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
   i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
 2 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
   i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
issuer=/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
---
Acceptable client certificate CA names
/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5429 bytes and written 427 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 1065A02DB9470543CD1A23636D4315216639311463D12A1F9EADF69D543F1D04
    Session-ID-ctx: 
    Master-Key: 91579E43C1053D74A1319F3A620259CFF1B40667ADA246A303B89CD017FA813A236DCEC267289EC82A0725A1ABC3D279
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 21 7b 18 62 74 1d b5 ef-15 31 c5 19 a3 5a 51 6b   !{.bt....1...ZQk
    0010 - b3 ea 43 71 71 58 4e 8e-44 70 59 a5 4d ac fe 2f   ..CqqXN.DpY.M../
    0020 - 81 3e 74 41 69 53 b8 40-83 4f 4c 8a 59 29 d4 77   .>tAiS.@.OL.Y).w
    0030 - 51 09 c5 eb 52 b5 7b 28-9d 80 a0 44 c2 89 0d 73   Q...R.{(...D...s
    0040 - 08 61 df 07 f7 2a 9b 0a-8c ae fd b4 23 52 8d 48   .a...*......#R.H
    0050 - c0 c9 b5 87 29 50 47 8b-56 01 30 87 c8 e4 9a d2   ....)PG.V.0.....
    0060 - 2d 5d 50 c4 49 15 56 bf-ac e3 92 c6 61 97 32 29   -]P.I.V.....a.2)
    0070 - 58 2d 5d 5e 54 11 05 21-63 8f b0 84 ff 82 52 c4   X-]^T..!c.....R.
    0080 - bb fd f8 3b 31 d7 01 e6-5f 2a 6a a8 f4 06 16 08   ...;1..._*j.....
    0090 - ac 0d a7 34 46 f7 88 08-92 25 08 12 2d ee ba f2   ...4F....%..-...
    00a0 - 85 ba 09 be 78 25 83 56-b7 b7 47 04 cd a3 0c 67   ....x%.V..G....g

    Start Time: 1584607327
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
closed
[root@ip-172-31-47-53 ~]#

启用双向验证(服务端启用客户端证书验证)时的完整openssl s_client请求

[root@ip-172-31-47-53 ~]# openssl s_client -connect api.iot.com:443 -tls1_2 -key ./device.key.pem -cert ./ca/intermediate/certs/device.cert.pem -CAfile ./ca/certs/ca.cert.pem -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM ROOT CA
verify return:1
depth=1 C = CN, ST = Guangdong, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM Intermediate CA
verify return:1
depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = YSWL, OU = IT, CN = api.iot.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
   i:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
 1 s:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
   i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
 2 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
   i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFojCCA4qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX
TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp
YXRlIENBMB4XDTIwMDMxOTA2NDgzOVoXDTIxMDMxOTA2NDgzOVowZjELMAkGA1UE
BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL
BgNVBAoMBFlTV0wxCzAJBgNVBAsMAklUMRQwEgYDVQQDDAthcGkuaW90LmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPKYx0hAmQ0SNZPXY2W7wDZM
2CoQEhMSuAvh5s1+P5QBx+llHCwk2ZNoRXiidRlA1E5Rr1YsAclEjbWcv9YKWiYn
RstZ1/k0/l9xo3dhRgwptb3nXeHht2PXY++uMEOTWWe+C/Q6aYbkia87ZtNI7n82
n9/pFY3dXQatbjulxheYnoWjCz5fl7O0/uw15U7C1P/CB3XMUGLqqm3KKIJfpLmT
gP7L+Q1dZVAcwrIfZdle6wG6dnpjRI7ak0GfbxOTokWAmr6YtWQoHYIoBpw8bKGS
xwc0fhpvwroNAY9pSsNs96wlteVMDp7oibltq31oH10/TWB7j0qflqr9WuFjA7MC
AwEAAaOCAUowggFGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG
SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw
HQYDVR0OBBYEFPLQcQCz1Qhb+obRMVXL5CiTcIT7MIGsBgNVHSMEgaQwgaGAFLu/
V7kbBJBkvwKAFrDNbnmg6uPfoYGEpIGBMH8xCzAJBgNVBAYTAkNOMRIwEAYDVQQI
DAlHdWFuZ2RvbmcxETAPBgNVBAcMCFNoZW56aGVuMQ0wCwYDVQQKDARZU1dNMSMw
IQYDVQQLDBpZU1dNIENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAwwMWVNX
TSBST09UIENBggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH
AwEwDQYJKoZIhvcNAQELBQADggIBAAsmdvtSux+U9FV8Z/+RIHxR/zvuPlc8sVnT
0ivj069MTUwNN7Q91V+YSWzAB//17H9Lsy5f6Fxl9zNP9r9X3F3J9ha1qVZLgJFa
CH3Otn/WPraS6Q1KiBwKPIMCgE0IA2Nz5ZrcIQwlTwQ2gIo41ZEMeVk0QvrXQXra
vEeFTB4NHID5naJivP/ObO1y+4NKiT4hjjjn/xQxW5y0ddAkHYPPibbMlGA3htFe
V/mIcVP7IeBYyJ31GPbJ9zu3hBpLFuqLh1YUdvJj9JL3wKTsPok5tL5RIM3wN9Ir
BOZRkkJ8uN/hsFoMY4cFz1NS7iy/4SnslQibT8oGqa/lBxt+3ABYjI5nQUvyHkf0
+Y1mXyTLy2EbaM4streJPV48FY3vsmwk7bA5BkbjvS3aj7Mt7AW28LtD+szlK1Ix
v4D06+Rl9kfZxFd6MWhLiMIYG4KfyIeficzM2X18PNZNdyxvbM/lWiLapc34aR6g
ISz6/vFD58euDAHYiQnRjsk1cL4ViF3yZVXvZWRm7Lyhwj/5CZ7EGuNXGhw/svMu
RLfr8SeoKohcJGE7nAEu+Q1q6VoNG0HKWk9Y2fEX+pS8z6ET875nL6ce12d9eEYR
CkhIeoqCXtd9qHof3L5Qf5yndGGkn4rt0lG6tZikyXxmzOV2pjr/STezH/2mqLS2
oEAMh2YN
-----END CERTIFICATE-----
subject=/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
issuer=/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
---
Acceptable client certificate CA names
/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA
/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6757 bytes and written 2015 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: AAB0EF0F80FC694473791CD82FBAC09E1D2898F0A0809649313C99D5C7200483
    Session-ID-ctx: 
    Master-Key: 753B0AC90C5EF61C2065EC4CDDDBCF547787633E5E02B45AD73FAEE42FD8019D0BD3233543A70543C5EF276C9CAFDBEB
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 21 7b 18 62 74 1d b5 ef-15 31 c5 19 a3 5a 51 6b   !{.bt....1...ZQk
    0010 - db ca cd da a0 46 ac 3a-4b fe 0a cc bd d9 e5 c0   .....F.:K.......
    0020 - 4b 63 e9 3f ba 9f 01 72-45 3f 31 32 07 98 8b ad   Kc.?...rE?12....
    0030 - c8 b6 d6 65 9c 3b 04 99-13 e8 20 5e 45 0d bd 00   ...e.;.... ^E...
    0040 - 00 a1 d2 c6 34 50 4c 07-12 da aa e7 7e 90 b0 0c   ....4PL.....~...
    0050 - ba 60 e5 70 98 23 1c 57-08 34 00 64 fe ce 37 b5   .`.p.#.W.4.d..7.
    0060 - 7c 6f 66 2d 6a b8 9a 53-ef dd ab bd e3 1e 0d bc   |of-j..S........
    0070 - 69 eb df 29 a5 dd 92 9e-78 c4 77 2f c4 29 62 85   i..)....x.w/.)b.
    0080 - e5 67 6f 5a 83 1a 7b 84-23 37 ab 56 93 2d d9 75   .goZ..{.#7.V.-.u
    0090 - 44 a1 79 82 06 d3 b3 74-65 a7 ed 91 79 8b 0b 94   D.y....te...y...
    00a0 - 05 90 ed 42 c0 88 e0 ae-de c9 a7 3f 0b 45 e8 0f   ...B.......?.E..
    00b0 - af 86 3a 1e 9f 7e c2 66-a9 94 16 1c 1e a1 3d da   ..:..~.f......=.
    00c0 - 4b c7 71 72 87 9d 56 69-de 2e 52 4c d7 0c 45 ec   K.qr..Vi..RL..E.
    00d0 - 1a 5e bb 2d c8 77 65 6f-c6 0b 7a af 1d d0 dd e8   .^.-.weo..z.....
    00e0 - 3e ae cb a2 b7 1b ed 81-c1 13 9e 8f 7c 99 4a 90   >...........|.J.
    00f0 - 4e 42 b1 63 8a 80 08 ee-ad 3c 31 2f bd 53 4b 5f   NB.c.....<1/.SK_
    0100 - 7c 51 02 eb 70 37 aa 1c-73 49 fb 9c e6 6c 84 d0   |Q..p7..sI...l..
    0110 - a5 88 43 08 43 fc 9b 43-5f ef 53 bf ae 74 ac 15   ..C.C..C_.S..t..
    0120 - 4d 1b 6a c9 7c 37 e9 f7-d1 3c 54 72 9f 4e de 45   M.j.|7...<Tr.N.E
    0130 - b9 2a 5c 31 40 12 40 ec-17 c1 19 23 08 d1 9f 70   .*\1@.@....#...p
    0140 - 39 06 51 ff 9c d0 34 62-a7 75 29 46 9e e5 0b a5   9.Q...4b.u)F....
    0150 - 6b b4 2b d6 c0 21 25 a3-ad cf 83 43 13 d1 79 6f   k.+..!%....C..yo
    0160 - 1e 51 54 a6 70 9a 13 24-4f 5c 77 16 66 d0 c8 e5   .QT.p..$O\w.f...
    0170 - 56 0e 1e 4d dd 17 76 11-4d ff 94 ee 70 18 ab 2f   V..M..v.M...p../
    0180 - 11 20 2b 72 7e 9e 0f 54-55 f3 c7 0d 15 54 d3 e5   . +r~..TU....T..
    0190 - f9 a3 f1 67 03 c9 b5 26-b4 6a 2b 08 5c d5 bf db   ...g...&.j+.\...
    01a0 - 00 81 d0 d2 01 28 c4 05-a7 88 48 bf 32 2b d4 64   .....(....H.2+.d
    01b0 - fe 2d 7f ea d5 e3 2f 8c-23 b2 c0 92 e7 02 d2 b4   .-..../.#.......
    01c0 - a9 b1 6f 05 ce ff c3 78-87 38 f0 ac d6 42 fd 70   ..o....x.8...B.p
    01d0 - 50 3e 51 d2 48 cf ab 91-72 06 90 b9 a1 f9 19 81   P>Q.H...r.......
    01e0 - 15 c4 dd 5b 02 f9 61 94-1c 6a 1a 17 fc c6 a6 8f   ...[..a..j......
    01f0 - 24 95 2d 48 90 7c e6 4e-90 6d 3d 57 e6 2c 92 f8   $.-H.|.N.m=W.,..
    0200 - 3f 7b 02 d5 16 47 a5 b2-94 74 5e 3b 9d bc 0b d1   ?{...G...t^;....
    0210 - 78 63 c2 d4 6c ae f6 d3-aa 8d 49 1c 5c f1 b7 76   xc..l.....I.\..v
    0220 - 8f f5 6e 62 93 82 9b 6c-9c 30 de 58 f8 b1 04 85   ..nb...l.0.X....
    0230 - 0c c4 79 cc 9a 95 d3 8d-42 6a 3d ba f2 b5 2e e0   ..y.....Bj=.....
    0240 - ab 06 1d 6c 64 2c d2 da-59 81 bc 41 20 48 ce b0   ...ld,..Y..A H..
    0250 - 23 f8 09 4c 80 93 ce 8d-26 06 05 83 08 55 f5 d9   #..L....&....U..
    0260 - 96 ee 8f 9f 88 7f 07 b4-b2 5b c4 f3 24 2c b6 ec   .........[..$,..
    0270 - 2b dc 85 a2 ef 1e 20 5b-90 ed b8 6b fc a0 e4 72   +..... [...k...r
    0280 - f7 76 45 d1 26 e5 2c 39-67 ed be 5a 7f f3 64 37   .vE.&.,9g..Z..d7
    0290 - 98 9d 01 68 e0 27 b4 b8-32 1d cb 3a 52 46 9e 8f   ...h.'..2..:RF..
    02a0 - c8 a8 b2 5e c9 b1 a3 b1-76 b3 a5 e0 6f 41 bc 80   ...^....v...oA..
    02b0 - 60 d4 3b e7 3c 3b ff 9a-1a 08 4a 8c fa 48 86 5c   `.;.<;....J..H.\
    02c0 - 24 fd 9a 3c 3c c9 4b a2-a9 5d 5e 8d 07 1c f8 7f   $..<<.K..]^.....
    02d0 - 14 86 15 45 f9 d5 16 3a-a8 d9 a3 8d 18 06 b7 14   ...E...:........
    02e0 - 0a 0e 8b 42 18 6e e0 09-0f f3 2e 6b e8 1d 2b 37   ...B.n.....k..+7
    02f0 - c5 fc 55 f5 61 58 0b 5c-db 72 bb fb b2 75 4a cf   ..U.aX.\.r...uJ.
    0300 - 12 04 05 83 ea d7 e4 69-bf c3 0b 6a b7 1d 4c 57   .......i...j..LW
    0310 - 98 38 bd 72 9d a6 3c c9-14 98 f5 0b c2 3f ec 3e   .8.r..<......?.>
    0320 - 59 f8 44 e0 b6 0e 43 f0-2a d9 a2 99 24 9f 37 13   Y.D...C.*...$.7.
    0330 - db ec 5f 45 33 01 4e 47-24 b3 20 52 f4 25 a0 20   .._E3.NG$. R.%. 
    0340 - 59 f5 6c ac a6 36 91 96-aa 8e 50 fc 41 f5 d0 2d   Y.l..6....P.A..-
    0350 - f1 2d 3a db 21 d7 6b 49-d9 a1 24 89 18 90 c7 06   .-:.!.kI..$.....
    0360 - fe 1c 66 aa 72 10 57 b1-9f fb a8 d0 7b 54 71 eb   ..f.r.W.....{Tq.
    0370 - ae 12 f6 1d 0c 4b a4 bc-08 93 d1 7a 4e 46 d4 86   .....K.....zNF..
    0380 - 65 97 1f de 62 f2 87 68-4c 43 93 81 f5 01 21 4c   e...b..hLC....!L
    0390 - ea 8b a3 ea 21 75 3c 59-5b 46 b9 32 28 0b 53 1d   ....!u<Y[F.2(.S.
    03a0 - 83 60 bc 53 4c f0 35 d9-f2 5a 4a 6c bc 75 d7 e2   .`.SL.5..ZJl.u..
    03b0 - 4a 52 85 e7 54 9d c3 52-69 cc b0 a1 88 3b 78 e0   JR..T..Ri....;x.
    03c0 - cb 4d a3 db bc f0 28 85-f0 41 cc 73 e8 de 59 3a   .M....(..A.s..Y:
    03d0 - dc cb 8a eb 32 ef 99 26-bb 3b dc eb 1d f4 fc d6   ....2..&.;......
    03e0 - 2e 7e b2 e8 a5 41 2b 4a-9b 85 09 96 b0 6c 21 f7   .~...A+J.....l!.
    03f0 - 7e 29 8e 6a bd 0c 3a 5f-44 3f 7a dc 2a 65 26 71   ~).j..:_D?z.*e&q
    0400 - 6d ac cf 68 82 1d 63 f6-66 3d 1d a7 8a db 1c 4d   m..h..c.f=.....M
    0410 - 6a 5e de fe 3f ab 62 97-7f ed a8 27 fa 61 fb 48   j^..?.b....'.a.H
    0420 - d4 20 38 ae 44 26 63 df-45 e8 65 11 48 07 38 39   . 8.D&c.E.e.H.89
    0430 - 54 dc ea b6 9a 92 94 0f-88 80 e5 be d1 d1 f5 88   T...............
    0440 - f8 7c 40 e2 1c 6f 2a 47-e8 0a c8 19 e7 01 ad 38   .|@..o*G.......8
    0450 - ab a1 c0 1d a0 56 29 23-40 d4 0a 75 7e ad cd 5b   .....V)#@..u~..[
    0460 - 80 b7 85 6f e2 7d c4 85-5b 5a 8b 05 c6 80 e7 b1   ...o.}..[Z......
    0470 - ce 57 14 e5 f8 5d 99 be-66 d9 41 6d eb 40 8f 22   .W...]..f.Am.@."
    0480 - ac 79 c2 61 31 41 71 c0-87 c6 78 b4 73 24 06 69   .y.a1Aq...x.s$.i
    0490 - 6c 15 36 7d f2 80 5d b4-59 44 be 64 bf 61 f8 fc   l.6}..].YD.d.a..
    04a0 - 5f d6 8e 9e fe 6c 95 b9-d0 36 b8 0d 5f 67 eb 9b   _....l...6.._g..
    04b0 - 2f ea b1 36 fd 2e 68 ae-0e 99 b8 c6 bb 1d c4 7d   /..6..h........}
    04c0 - 57 60 19 03 8b 15 ca 24-ec 40 d4 21 f1 de 1b 1a   W`.....$.@.!....
    04d0 - 19 a1 35 eb fb f7 82 8d-14 71 f6 a8 1d 0c d8 4c   ..5......q.....L
    04e0 - 46 d8 1c 97 c9 32 64 5b-21 a7 4d e2 59 2b 4b 3d   F....2d[!.M.Y+K=
    04f0 - ef 3e 09 91 b7 66 ad c2-a4 f5 a6 d8 25 bb 81 a4   .>...f......%...
    0500 - b0 00 ea 80 d3 5c 74 ac-57 d8 3a c7 44 22 eb eb   .....\t.W.:.D"..
    0510 - ad c9 9b 73 8e db 59 4b-4a ea 33 85 20 7b 6d 61   ...s..YKJ.3. {ma
    0520 - 4c a5 61 a6 9e 5d 18 10-75 f5 cc 73 f7 72 66 f8   L.a..]..u..s.rf.
    0530 - 2b 87 65 b6 e3 25 b8 30-84 90 64 6f 90 18 6a 17   +.e..%.0..do..j.
    0540 - 55 bf 70 3a 78 16 27 ac-35 89 9d ec 0a 3e 79 19   U.p:x.'.5....>y.
    0550 - aa 2d 6e fe 64 f0 bc 5f-0d b4 19 e9 bb 8d 57 ca   .-n.d.._......W.
    0560 - 49 f6 e2 18 04 84 7d 3e-79 fd bf 36 62 0f 89 85   I.....}>y..6b...
    0570 - 8a 38 67 37 9c 52 a5 49-7b e1 fa b4 8f 62 57 d3   .8g7.R.I{....bW.
    0580 - ec 92 58 e3 51 ad 5b fa-0f 02 37 bd 05 b6 ce 0e   ..X.Q.[...7.....
    0590 - e9 30 69 47 c3 c9 02 cd-f9 cc 71 46 db 0c 5a a5   .0iG......qF..Z.
    05a0 - ed 2a b8 f7 fb 0a c0 b2-a8 7a 9d 35 75 1e f1 fe   .*.......z.5u...
    05b0 - df 47 0d 47 0b e2 94 88-69 26 e2 dc ef 5c 18 71   .G.G....i&...\.q
    05c0 - 01 28 83 26 4d ae 73 c7-db 4d 36 06 d1 0d d1 90   .(.&M.s..M6.....
    05d0 - 22 99 5e c4 ee 84 f9 a4-4a de b4 fe e0 d0 8d 8a   ".^.....J.......

    Start Time: 1584608510
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
[root@ip-172-31-47-53 ~]#

命令参数

# Mutual-TLS test connection to api.iot.com:443, restricted to TLS 1.2.
#   -key     client (device) private key used to sign the CertificateVerify
#            message; keep this file readable only by its owner.
#   -cert    client (device) certificate presented to the server.
#   -CAfile  trusted CA certificate used to verify the server's chain; with
#            the self-signed root supplied here the transcript above ends in
#            "Verify return code: 0 (ok)" instead of code 19.
#   -state   print each handshake state transition (the "SSL_connect:" lines).
# NOTE(review): the s_client output includes the session Master-Key and the
# session ticket; treat captured output as sensitive and redact both before
# sharing or publishing it.
openssl s_client -connect api.iot.com:443 -tls1_2 \
-key ./device.key.pem \
-cert ./ca/intermediate/certs/device.cert.pem \
-CAfile ./ca/certs/ca.cert.pem -state

# Same request with -debug added, which additionally prints a hex dump of
# all traffic sent and received. The dump is verbose and may contain
# application data, so handle it with the same care as the session secrets.
openssl s_client -connect api.iot.com:443 -tls1_2 \
-key ./device.key.pem \
-cert ./ca/intermediate/certs/device.cert.pem \
-CAfile ./ca/certs/ca.cert.pem -state -debug
