Command Line Interface yang berhubungan dengan Domain
8 min readMar 10, 2023
Ada banyak sekali CLI yang bisa digunakan dalam kegiatan harian, dalam artikel ini penulis ingin membagikan beberapa CLI yang biasa penulis gunakan.
SSL Scanner
Command sslscan yang mana penulis sering gunakan untuk melihat TLS Version dan Chiper Suite yang digunakan pada sebuah domain.
sslscan <domain>$ sslscan example.com
Version: 2.0.15 Windows 64-bit (Mingw)
OpenSSL 1.1.1e-dev xx XXX xxxx
Connected to 93.184.216.34
Testing SSL server example.com on port 443 using SNI name example.com
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 enabled
TLSv1.1 enabled
TLSv1.2 enabled
TLSv1.3 enabled
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve P-256 DHE 256
Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve P-256 DHE 256
Accepted TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve P-256 DHE 256
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits SEED-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits SEED-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits SEED-SHA
Server Key Exchange Group(s):
TLSv1.3 128 bits secp256r1 (NIST P-256)
TLSv1.2 128 bits secp256r1 (NIST P-256)
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Subject: www.example.org
Altnames: DNS:www.example.org, DNS:example.net, DNS:example.edu, DNS:example.com, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Not valid before: Jan 13 00:00:00 2023 GMT
Not valid after: Feb 13 23:59:59 2024 GMTDomain Information
Command dig yang mana penulis sering gunakan untuk melihat Alias dari sebuah Domain. Alternatif lain penulis juga biasa menggunakan nslookup.
dig <domain>$ dig example.com
; <<>> DiG 9.16.38 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43363
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 1057 IN A 93.184.216.34
;; Query time: 118 msec
;; SERVER: 10.10.101.201#53(10.10.101.201)
;; WHEN: Fri Mar 10 10:12:27 Asi 2023
;; MSG SIZE rcvd: 56nslookup <domain>$ nslookup example.com
Server: mlpt-opendns01.multipolar.com
Address: 10.10.101.201
Non-authoritative answer:
Name: example.com
Addresses: 2606:2800:220:1:248:1893:25c8:1946
93.184.216.34Openssl
Command openssl yang mana penulis sering gunakan untuk melihat Public Certificate dari sebuah Domain, dan informasi detil terkait Certificate.
openssl s_client -connect <IP>:<SSLPORT> -showcerts$ openssl s_client -connect 93.184.216.34:443 -showcerts
CONNECTED(00000004)
Can't use SSL_get_servername
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
-----BEGIN CERTIFICATE-----
MIIHSjCCBjKgAwIBAgIQDB/LGEUYx+OGZ0EjbWtz8TANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzAxMTMwMDAwMDBa
Fw0yNDAyMTMyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxQjBABgNVBAoMOUludGVybmV0wqBD
b3Jwb3JhdGlvbsKgZm9ywqBBc3NpZ25lZMKgTmFtZXPCoGFuZMKgTnVtYmVyczEY
MBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwoB3iVm4RW+6StkR+nutx1fQevu2+t0Fu6KBcbvhfyHSXy7w0nJO
dTT4jWLjStpRkNQBPZwMwHH35i+21gdnJtDe/xfO8IX9McFmyodlBUcqX8CruIzD
v9AXf2OjXPBG+4aq+03XKl5/muATl32++301Vw1dXoGYNeoWQqLTsHT3WS3tOOf+
ehuzNuZ+rj+ephaD3lMBToEArrtC9R91KTTN6YSAOK48NxTA8CfOMFK5itxfIqB5
+E9OSQTidXyqLyoeA+xxTKMqYfxvypEek1oueAhY9u67NCBdmuavxtfyvwp7+o6S
d+NsewxAhmRKFexw13KOYzDhC+9aMJcuJQIDAQABo4ID2DCCA9QwHwYDVR0jBBgw
FoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFLCTP+gXgv1ssrYXh8vj
gP6CmwGeMIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUubmV0
ggtleGFtcGxlLmVkdYILZXhhbXBsZS5jb22CC2V4YW1wbGUub3Jngg93d3cuZXhh
bXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1Ud
HwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDA+BgNV
HSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj
ZXJ0LmNvbS9DUFMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9jYWNlcnRzLmRp
Z2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcnQwCQYD
VR0TBAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLed
tM0TojKHRny87N7DUUhZRnEftZsAAAGFq0gFIwAABAMARzBFAiEAqt+fK6jFdGA6
tv0EWt9rax0WYBV4re9jgZgq0zi42QUCIEBh1yKpPvgX1BreE0wBUmriOVUhJS77
KgF193fT2877AHcAc9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGF
q0gFnwAABAMASDBGAiEA12SUFK5rgLqRzvgcr7ZzV4nl+Zt9lloAzRLfPc7vSPAC
IQCXPbwScx1rE+BjFawZlVjLj/1PsM0KQQcsfHDZJUTLwAB2AEiw42vapkc0D+Vq
AvqdMOscUgHLVt0sgdm7v6s52IRzAAABhatIBV4AAAQDAEcwRQIhAN5bhHthoyWM
J3CQB/1iYFEhMgUVkFhHDM/nlE9ThCwhAiAPvPJXyp7a2kzwJX3P7fqH5Xko3rPh
CzRoXYd6W+QkCjANBgkqhkiG9w0BAQsFAAOCAQEAWeRK2KmCuppK8WMMbXYmdbM8
dL7F9z2nkZL4zwYtWBDt87jW/Gz/E5YyzU/phySFC3SiwvYP9afYfXaKrunJWCtu
AG+5zSTuxELFTBaFnTRhOSO/xo6VyYSpsuVBD0R415W5z9l0v1hP5xb/fEAwxGxO
Ik3Lg2c6k78rxcWcGvJDoSU7hPb3U26oha7eFHSRMAYN8gfUxAi6Q2TF4j/arMVB
r6Q36EJ2dPcTu0p9NlmBm8dE34lzuTNC6GDCTWFdEloQ9u//M4kUUOjWn8a5XCs1
263t3Ta2JfKViqxpP5r+GvgVKG3qGFrC0mIYr0B4tfpeCY9T+cz4I6GDMSP0xg==
-----END CERTIFICATE-----
1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIEvjCCA6agAwIBAgIQBtjZBNVYQ0b2ii+nVCJ+xDANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0yMTA0MTQwMDAwMDBaFw0zMTA0MTMyMzU5NTlaME8xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTAnBgNVBAMTIERpZ2lDZXJ0IFRMUyBS
U0EgU0hBMjU2IDIwMjAgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwUuzZUdwvN1PWNvsnO3DZuUfMRNUrUpmRh8sCuxkB+Uu3Ny5CiDt3+PE0J6a
qXodgojlEVbbHp9YwlHnLDQNLtKS4VbL8Xlfs7uHyiUDe5pSQWYQYE9XE0nw6Ddn
g9/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE//i+p1hJInuW
raKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG/cUJ9WIQDgLGB
Afr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21r
eacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBgjCCAX4wEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUt2ui6qiqhIx56rTaD5iyxZV2ufQwHwYDVR0jBBgwFoAU
A95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG
GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2Nh
Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBCBgNV
HR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH
bG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwCwYJYIZIAYb9bAIBMAcGBWeBDAEB
MAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IB
AQCAMs5eC91uWg0Kr+HWhMvAjvqFcO3aXbMM9yt1QP6FCvrzMXi3cEsaiVi6gL3z
ax3pfs8LulicWdSQ0/1s/dCYbbdxglvPbQtaCdB73sRD2Cqk3p5BJl+7j5nL3a7h
qG+fh/50tx8bIKuxT8b1Z11dmzzp/2n3YWzW2fP9NsarA4h20ksudYbj/NhVfSbC
EXffPgK2fPOre3qGNm+499iTcc+G33Mw+nur7SpZyEKEOxEXGlLzyQ4UfaJbcme6
ce1XR2bFuAJKZTRei9AqPCCcUZlM51Ke92sRKw2Sfh3oius2FkOH6ipjv3U/697E
A7sKPPcw7+uvTPyLNhBzPvOk
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3775 bytes and written 715 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D2D17201AA2506F2EAF7712C5A9CB711215A3FCD78FD0FB4D81ECFA91074EF0D
Session-ID-ctx:
Resumption PSK: 071081065364CE8C609233924832E77C3CEC85B10E21278AD231866D095CCCE41E2DD5239629047512C24F151B9A141F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ea 1f e6 bd ff df d0 8b-a8 1b 20 7f 1d 56 3a ac .......... ..V:.
0010 - 96 aa ce 89 40 77 c2 bd-06 22 7d aa 18 89 80 b2 ....@w..."}.....
0020 - d3 ff 02 3d ca 5d 2a dc-0b 11 0a de 54 f5 41 ca ...=.]*.....T.A.
0030 - 9f d9 8a d7 13 bd f8 0e-1c 42 dd 45 f0 dd 61 f9 .........B.E..a.
0040 - 6b 08 3d 5b 07 99 7a 92-8f ef cb b0 31 d1 0e 92 k.=[..z.....1...
0050 - 92 6e 61 34 e6 aa 1f e6-f2 f9 be 1b 61 87 07 91 .na4........a...
0060 - 5f 57 79 3c 68 51 ba 65-99 b9 84 13 09 3c 00 40 _Wy<hQ.e.....<.@
0070 - d0 88 99 74 24 7c fe 66-07 b4 f7 eb 2f f2 8f 9b ...t$|.f..../...
0080 - 1a ff 7e 94 a5 f2 61 5e-f3 12 ab 81 6e da 36 79 ..~...a^....n.6y
0090 - 62 1b 6d 3f df 05 68 c2-8a a1 0f e0 31 d2 10 49 b.m?..h.....1..I
00a0 - a5 ea f3 61 8f b6 b7 e7-44 4e db c8 76 d0 20 4c ...a....DN..v. L
00b0 - 7b 78 a4 4d b1 5f 78 3c-6e cf 2e 58 a9 4d 5e b9 {x.M._x<n..X.M^.
Start Time: 1678444298
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5AD0EE23D0E8B39844663C9B2FED89606DC299B0941E616A8FCD6529B05D609D
Session-ID-ctx:
Resumption PSK: C8813EC180E2FAB25D0380A5EDEF4332FBA92BBE1DCFF2D6987A0241A06D1FCA80B0D6D1F71CDF1D34D4381AEBA5D954
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ea 1f e6 bd ff df d0 8b-a8 1b 20 7f 1d 56 3a ac .......... ..V:.
0010 - fb 70 ee 46 ea 61 ec 77-2d be 8d 3b 5c 1c f2 e1 .p.F.a.w-..;\...
0020 - fa 92 09 1a cc 2a 34 9f-ee a1 cf a5 3b de 42 df .....*4.....;.B.
0030 - 2e 10 fe e1 fd e9 20 6d-a8 5a 0d 6d 8f 00 57 18 ...... m.Z.m..W.
0040 - 90 ec 9d 23 25 7f 2c bb-f9 34 99 15 a8 06 90 b3 ...#%.,..4......
0050 - da c2 a9 2a fb bd 6d 3c-31 3e 0f 5f 31 98 01 f8 ...*..m<1>._1...
0060 - 7f d6 f6 84 6f 56 24 36-00 22 b4 57 a0 26 3e 52 ....oV$6.".W.&>R
0070 - b7 ab 81 6a 2a dd 2f 3d-87 47 ff 62 37 dc 4d e7 ...j*./=.G.b7.M.
0080 - 1c 88 b2 d9 9e 36 da d9-1b 65 08 28 b6 54 0b 3a .....6...e.(.T.:
0090 - 0f 96 a0 76 60 6a 01 21-30 07 29 3a f0 7c 26 a8 ...v`j.!0.):.|&.
00a0 - 42 83 18 1b 9c 73 3e 74-49 e6 88 c1 ff de fc 4a B....s>tI......J
00b0 - 03 df ed f0 20 f3 70 d4-d1 71 1c a9 0e 7a 05 ff .... .p..q...z..
00c0 - 52 f3 14 1a 5e 32 d5 08-fb ba bc 72 f8 72 33 48 R...^2.....r.r3H
Start Time: 1678444298
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closedopenssl x509 -in /cert/directory -text -noout$ openssl x509 -in '/root/cert/pub.crt' -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:1f:cb:18:45:18:c7:e3:86:67:41:23:6d:6b:73:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Jan 13 00:00:00 2023 GMT
Not After : Feb 13 23:59:59 2024 GMT
Subject: C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:80:77:89:59:b8:45:6f:ba:4a:d9:11:fa:7b:
ad:c7:57:d0:7a:fb:b6:fa:dd:05:bb:a2:81:71:bb:
e1:7f:21:d2:5f:2e:f0:d2:72:4e:75:34:f8:8d:62:
e3:4a:da:51:90:d4:01:3d:9c:0c:c0:71:f7:e6:2f:
b6:d6:07:67:26:d0:de:ff:17:ce:f0:85:fd:31:c1:
66:ca:87:65:05:47:2a:5f:c0:ab:b8:8c:c3:bf:d0:
17:7f:63:a3:5c:f0:46:fb:86:aa:fb:4d:d7:2a:5e:
7f:9a:e0:13:97:7d:be:fb:7d:35:57:0d:5d:5e:81:
98:35:ea:16:42:a2:d3:b0:74:f7:59:2d:ed:38:e7:
fe:7a:1b:b3:36:e6:7e:ae:3f:9e:a6:16:83:de:53:
01:4e:81:00:ae:bb:42:f5:1f:75:29:34:cd:e9:84:
80:38:ae:3c:37:14:c0:f0:27:ce:30:52:b9:8a:dc:
5f:22:a0:79:f8:4f:4e:49:04:e2:75:7c:aa:2f:2a:
1e:03:ec:71:4c:a3:2a:61:fc:6f:ca:91:1e:93:5a:
2e:78:08:58:f6:ee:bb:34:20:5d:9a:e6:af:c6:d7:
f2:bf:0a:7b:fa:8e:92:77:e3:6c:7b:0c:40:86:64:
4a:15:ec:70:d7:72:8e:63:30:e1:0b:ef:5a:30:97:
2e:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
B0:93:3F:E8:17:82:FD:6C:B2:B6:17:87:CB:E3:80:FE:82:9B:01:9E
X509v3 Subject Alternative Name:
DNS:www.example.org, DNS:example.net, DNS:example.edu, DNS:example.com, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Jan 13 13:18:21.987 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:AA:DF:9F:2B:A8:C5:74:60:3A:B6:FD:
04:5A:DF:6B:6B:1D:16:60:15:78:AD:EF:63:81:98:2A:
D3:38:B8:D9:05:02:20:40:61:D7:22:A9:3E:F8:17:D4:
1A:DE:13:4C:01:52:6A:E2:39:55:21:25:2E:FB:2A:01:
75:F7:77:D3:DB:CE:FB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Jan 13 13:18:22.111 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D7:64:94:14:AE:6B:80:BA:91:CE:F8:
1C:AF:B6:73:57:89:E5:F9:9B:7D:96:5A:00:CD:12:DF:
3D:CE:EF:48:F0:02:21:00:97:3D:BC:12:73:1D:6B:13:
E0:63:15:AC:19:95:58:CB:8F:FD:4F:B0:CD:0A:41:07:
2C:7C:70:D9:25:44:CB:C0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Jan 13 13:18:22.046 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:DE:5B:84:7B:61:A3:25:8C:27:70:90:
07:FD:62:60:51:21:32:05:15:90:58:47:0C:CF:E7:94:
4F:53:84:2C:21:02:20:0F:BC:F2:57:CA:9E:DA:DA:4C:
F0:25:7D:CF:ED:FA:87:E5:79:28:DE:B3:E1:0B:34:68:
5D:87:7A:5B:E4:24:0A
Signature Algorithm: sha256WithRSAEncryption
59:e4:4a:d8:a9:82:ba:9a:4a:f1:63:0c:6d:76:26:75:b3:3c:
74:be:c5:f7:3d:a7:91:92:f8:cf:06:2d:58:10:ed:f3:b8:d6:
fc:6c:ff:13:96:32:cd:4f:e9:87:24:85:0b:74:a2:c2:f6:0f:
f5:a7:d8:7d:76:8a:ae:e9:c9:58:2b:6e:00:6f:b9:cd:24:ee:
c4:42:c5:4c:16:85:9d:34:61:39:23:bf:c6:8e:95:c9:84:a9:
b2:e5:41:0f:44:78:d7:95:b9:cf:d9:74:bf:58:4f:e7:16:ff:
7c:40:30:c4:6c:4e:22:4d:cb:83:67:3a:93:bf:2b:c5:c5:9c:
1a:f2:43:a1:25:3b:84:f6:f7:53:6e:a8:85:ae:de:14:74:91:
30:06:0d:f2:07:d4:c4:08:ba:43:64:c5:e2:3f:da:ac:c5:41:
af:a4:37:e8:42:76:74:f7:13:bb:4a:7d:36:59:81:9b:c7:44:
df:89:73:b9:33:42:e8:60:c2:4d:61:5d:12:5a:10:f6:ef:ff:
33:89:14:50:e8:d6:9f:c6:b9:5c:2b:35:db:ad:ed:dd:36:b6:
25:f2:95:8a:ac:69:3f:9a:fe:1a:f8:15:28:6d:ea:18:5a:c2:
d2:62:18:af:40:78:b5:fa:5e:09:8f:53:f9:cc:f8:23:a1:83:
31:23:f4:c6