如何校验服务器PUSH证书是否有效?
2016-01-11 14:29
615 查看
判断 cer 格式的PUSH证书是否有效非常简单,使用 PushMeBaby\SmartPush 之类的 Mac 应用程序向设备推一条推送通知就可以了。
但是服务器使用的PUSH 证书往往是 .pem(PHP/GoLang服务端)或 .p12(Java/C#服务端)格式的,我们可以用以下 OpenSSL 命令判断服务器 PUSH 证书是否有效,然后再确定是否是服务端代码的问题:
将 PKCS#12 (.pfx .p12) 转成 PEM:
用以下命令转换成同时包含私钥和证书的 pem 文件:
期间会提示输入密码,请输入 p12 文件导出时的密码。
注意:如果只导出私钥可以加上 -nocerts 参数,只导出证书则可以加上 -nokeys 参数。
测试生产证书:
如果输出如下信息(),表明证书是正常的:
CONNECTED(00000003) depth=1 /C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C verify
error:num=20:unable to get local issuer certificate verify return:0
— Certificate chain 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com i:/C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C 1
s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048)
— Server certificate
—–BEGIN CERTIFICATE—– MIIFIzCCBAugAwIBAgIETCMvvjANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC …
… de7tGJEmdBgmtX2Wn0r0Erg+9nnjOEQ=
—–END CERTIFICATE—– subject=/C=US/ST=California/L=Cupertino/O=Apple
Inc./CN=gateway.push.apple.com issuer=/C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C
— Acceptable client certificate CA names /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA /C=US/O=Apple Inc./OU=Apple
Worldwide Developer Relations/CN=Apple Worldwide Developer Relations
Certification Authority /C=US/O=Apple Inc./OU=Apple Certification
Authority/CN=Apple Application Integration Certification Authority
— SSL handshake has read 3144 bytes and written 2168 bytes
— New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion:
NONE SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 9E737F1BD1AC1D41A2D6486B9F2DD08EF3B87EC9A91EBB42396D9664B34FF534DA2DCF4A897688ECBEFE00B069C481BC
Key-Arg : None
Start Time: 1452222166
Timeout : 300 (sec)
Verify return code: 0 (ok)
但是服务器使用的PUSH 证书往往是 .pem(PHP/GoLang服务端)或 .p12(Java/C#服务端)格式的,我们可以用以下 OpenSSL 命令判断服务器 PUSH 证书是否有效,然后再确定是否是服务端代码的问题:
将 PKCS#12 (.pfx .p12) 转成 PEM:
用以下命令转换成同时包含私钥和证书的 pem 文件:
[code]openssl pkcs12 -in apns_production_privatekey.p12 -out apns_production_privatekey.pem -nodes
期间会提示输入密码,请输入 p12 文件导出时的密码。
注意:如果只导出私钥可以加上 -nocerts 参数,只导出证书则可以加上 -nokeys 参数。
测试生产证书:
[code]openssl s_client -connect gateway.push.apple.com:2195 -cert apns_production_privatekey.pem
如果输出如下信息(),表明证书是正常的:
CONNECTED(00000003) depth=1 /C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C verify
error:num=20:unable to get local issuer certificate verify return:0
— Certificate chain 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com i:/C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C 1
s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048)
— Server certificate
—–BEGIN CERTIFICATE—– MIIFIzCCBAugAwIBAgIETCMvvjANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC …
… de7tGJEmdBgmtX2Wn0r0Erg+9nnjOEQ=
—–END CERTIFICATE—– subject=/C=US/ST=California/L=Cupertino/O=Apple
Inc./CN=gateway.push.apple.com issuer=/C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C
— Acceptable client certificate CA names /C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA /C=US/O=Apple Inc./OU=Apple
Worldwide Developer Relations/CN=Apple Worldwide Developer Relations
Certification Authority /C=US/O=Apple Inc./OU=Apple Certification
Authority/CN=Apple Application Integration Certification Authority
— SSL handshake has read 3144 bytes and written 2168 bytes
— New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion:
NONE SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 9E737F1BD1AC1D41A2D6486B9F2DD08EF3B87EC9A91EBB42396D9664B34FF534DA2DCF4A897688ECBEFE00B069C481BC
Key-Arg : None
Start Time: 1452222166
Timeout : 300 (sec)
Verify return code: 0 (ok)
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 注入问题0x00
- Monkey测试简介
- Qt 知识的总结
- The content of the adapter has changed but ListView did not receive a notification
- MylSQL索引
- redhat/centos修改yum源
- go web 第一天 学习笔记
- Android-init.c
- 正则表达式
- 数据库之聚合函数与分组
- 开启Mac自带apache和PHP开发环境
- 咖啡叫软件开发--界面组日志06-总结
- LoadRunner录制回放常见问题及解决方案
- fullgc一小时发生一次的原因
- 工具-监测页面有哪些事件的小工具 Visual Event
- c#借助CommandLineParser写命令行工具
- Windows中进程的内存结构
- Dagger 2 初体验
- 如何获取生产环境的 Device Token?
- 快速排序(三数中值、三向切分、转插入排序)