
I have a question about the notation.

[yourname@example yourname]$ openssl s_client -connect www.yahoo.co.jp:443 </dev/null 2>/dev/null | openssl x509 -noout -serial
serial=0EC2F28A086AFF40F6257936A64CC437E44D28AC
[yourname@example yourname]$

The serial number information of the SSL certificate used at www.yahoo.co.jp can be confirmed with the above command.

Similarly, there is a KUSANAGI Linux server that runs multiple WordPress sites. This server has the following site URLs:
・ https://site1.com/
・ https://site2.com/

A regular SSL certificate is assigned to each of the above sites, but if you check the certificate properties with the following command, you get the KUSANAGI self-signed certificate instead of the regular certificate.

[yourname@example yourname]$ openssl s_client -connect site1.com:443 </dev/null 2>/dev/null
... (omitted)
---
Certificate chain
 0 s:/C=-/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=kusanagi71/emailAddress=root@kusanagi71
   i:/C=-/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=kusanagi71/emailAddress=root@kusanagi71
---
... (omitted)
* To make the explanation easier to understand, "www.yahoo.co.jp" is used as an example.

Therefore, I am in trouble because the properties of the currently applied certificate cannot be confirmed from the outside.
For the above reasons, if I try to check the serial number:

[yourname@example yourname]$ openssl s_client -connect www.nijimo.jp:443 </dev/null 2>/dev/null | openssl x509 -noout -serial
serial=0752

The serial of the self-signed certificate is obtained instead of that of the applied certificate.

If you know how to check the properties of the certificate applied to the server, I would appreciate your guidance.

  • Answer # 1

    I was able to solve it with PHP instead of Linux commands.

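    // Hostname to check (example value taken from the question)
    $common_name = 'site1.com';
    // Ask PHP to keep the peer certificate so it can be inspected afterwards
    $stream_context = stream_context_create (array ('ssl' =>
      array ('capture_peer_cert' => true)
    ));
    $resource = stream_socket_client (
      'ssl://' . $common_name . ':443',
      $errno,
      $errstr,
      30,
      STREAM_CLIENT_CONNECT,
      $stream_context
    );
    $cont = stream_context_get_params ($resource);
    $parsed = openssl_x509_parse ($cont['options']['ssl']['peer_certificate']);
    // SAN entries, if needed, are under $parsed['extensions']['subjectAltName']
    if (strpos ($parsed['subject']['CN'], $common_name) !== false)
    {
      // serialNumberHex gives the hex form directly, so no certificate data
      // is passed to a shell (bc) for the decimal-to-hex conversion
      $serial_number16 = $parsed['serialNumberHex'];
      $attr = str_split ($serial_number16, 2);
      $serial_number = implode (':', $attr);
    }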
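
An added example (not part of the original answer) covering the likely cause of the difference above: `openssl s_client` before OpenSSL 1.1.1 sends no SNI unless `-servername` is given, so a server hosting several sites returns its default certificate, whereas PHP's `ssl://` wrapper sends the hostname by default. The script fetches the chain with or without SNI, flags a self-signed leaf, and formats the serial; the function names and sample outputs are constructed for illustration, and `-noservername` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: check which certificate a name-based TLS virtual host serves.
# fetch_chain HOST [PORT] [sni|nosni] -> raw s_client output
fetch_chain() {
    host=$1; port=${2:-443}; mode=${3:-sni}
    if [ "$mode" = sni ]; then
        # -servername puts HOST in the ClientHello so the server can pick that site's cert
        openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null
    else
        # -noservername (OpenSSL 1.1.1+) reproduces what older clients send by default
        openssl s_client -connect "$host:$port" -noservername </dev/null 2>/dev/null
    fi
}

# leaf_is_self_signed: reads s_client output on stdin; succeeds when the leaf
# (chain entry 0) has identical subject and issuer, i.e. a fallback default cert.
leaf_is_self_signed() {
    awk '
        /^ *0 s:/ { sub(/^ *0 s:/, ""); subj = $0; next }
        subj != "" && /^ *i:/ { sub(/^ *i:/, ""); same = ($0 == subj); exit }
        END { exit (same ? 0 : 1) }
    '
}

# serial_colon: "serial=0752" on stdin -> "07:52"
serial_colon() {
    sed -e 's/^serial=//' -e 's/../&:/g' -e 's/:$//'
}

# cert_serial HOST [PORT]: serial of the certificate served for HOST (SNI sent)
cert_serial() {
    fetch_chain "$1" "${2:-443}" sni | openssl x509 -noout -serial | serial_colon
}

# Constructed sample outputs (not captured from a real server)
SAMPLE_DEFAULT=' 0 s:/C=--/O=SomeOrganization/CN=kusanagi71
   i:/C=--/O=SomeOrganization/CN=kusanagi71'
SAMPLE_ISSUED=' 0 s:/CN=site1.com
   i:/C=XX/O=Example CA/CN=Example Issuing CA'

# Offline demo on the constructed samples (no network access needed)
for s in "$SAMPLE_DEFAULT" "$SAMPLE_ISSUED"; do
    if printf '%s\n' "$s" | leaf_is_self_signed; then
        echo "self-signed leaf: default vhost certificate, retry with SNI"
    else
        echo "CA-issued leaf"
    fi
done
```

Against a live server, `cert_serial site1.com` prints the serial of the certificate selected for that hostname, and `fetch_chain site1.com 443 nosni | leaf_is_self_signed` tells you whether the no-SNI fallback is a self-signed default.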