X.509 憑證解碼器

X.509 憑證解碼器

上傳或拖放憑證檔案,或在下方貼上憑證文本。

📁 點擊此處或拖放憑證檔案 (.pem, .crt, .cer, .der)

測試用範例憑證鏈 (GitHub)

從網站匯出憑證鏈

要檢索和分析網站的憑證鏈,請使用以下命令:

Linux / macOS

openssl s_client -connect neo01.com:443 -showcerts < /dev/null 2>/dev/null | openssl x509 -text

儲存完整的憑證鏈:

openssl s_client -connect neo01.com:443 -showcerts < /dev/null 2>/dev/null > cert_chain.pem

注意:以上命令顯示伺服器發送的憑證鏈,通常不包括根憑證(它被假定在您系統的信任儲存中)。

Windows (PowerShell)

$url = "neo01.com"
$port = 443
$tcpClient = New-Object System.Net.Sockets.TcpClient($url, $port)
$sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false)
$sslStream.AuthenticateAsClient($url)
$cert = $sslStream.RemoteCertificate
$certChain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$certChain.Build([System.Security.Cryptography.X509Certificates.X509Certificate2]$cert)
foreach ($element in $certChain.ChainElements) {
    "-----BEGIN CERTIFICATE-----"
    [Convert]::ToBase64String($element.Certificate.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
    "-----END CERTIFICATE-----"
}
$sslStream.Close()
$tcpClient.Close()

Windows (OpenSSL)

如果您在 Windows 上安裝了 OpenSSL(輸出憑證和連線資訊):

cmd /c "openssl s_client -connect neo01.com:443 -showcerts < NUL"

注意:以上命令顯示伺服器發送的憑證鏈,通常不包括根憑證(它被假定在您系統的信任儲存中)。

分享到