[Linux] 列出系統中安裝的所有根憑證 (Root CA)
最近有後端 API 想要換掉網站的根憑證 (Root CA),
不過這樣會影響到客戶端,
如果平台上沒有對應的根憑證的話,可能就會 HTTPS 驗證失敗。
在網路上找了一下,可以用下面的指令,
直接把所有的根憑證的 Subject 都列出來:
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt
列出來的樣子如下:
subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2 subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3 subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA subject= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4 ......
這樣就可以確認客戶端是否支援新的根憑證了~
參考資料:linux – List all available ssl ca certificates
(本頁面已被瀏覽過 268 次)