El uso del certificado raíz personal de Kaspersky Anti-Virus con Firefox se analiza en esta publicación.¿Qué CA emitió el certificado para https://www.google.com?.
Mi pregunta es (aparte de google.com) ¿es posible ver el certificado SSL del sitio web?
No quiero desactivar esta función, pero hasta donde sé, solo puedes ver el certificado raíz de Kaspersky.
Respuesta1
Al utilizar el certificado raíz personal de Kaspersky Anti-Virus, ¿puede ver el certificado del sitio web?
... ¿es posible ver el certificado SSL del propio sitio web?
Debería poder hacerlo, pero debe hacerlo fuera del navegador. Por ejemplo, aquí está Google usando OpenSSL s_client:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout
...
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3497310530607939837 (0x3088f165e61e80fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 11 11:17:05 2016 GMT
Not After : May 11 00:00:00 2016 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d4:90:20:6e:c9:e9:f7:1b:ce:57:59:b3:ee:45:
13:e1:e0:d1:7d:68:b2:05:69:c0:e1:0d:77:2c:89:
10:ea:b4:0a:d9:d5:5b:8d:a9:ac:9a:98:2b:b6:33:
1d:ba:53:8b:e0:1a:df:d9:01:fe:83:24:3f:6d:af:
0a:4b:c5:e0:de:75:7e:76:81:19:e0:c4:a8:ae:1f:
09:21:40:31:43:a7:52:d7:53:9c:f2:69:cc:2f:78:
ef:39:d8:ad:d4:b2:4b:7d:8c:c5:70:8b:90:c7:48:
f9:57:c2:69:85:b9:ba:4b:cb:17:f4:b1:1a:a9:e6:
50:60:ca:78:5a:7a:16:91:44:a9:56:4e:59:0f:93:
0d:23:a1:53:3c:5b:47:38:9d:76:ff:f7:b2:c2:ce:
fd:09:d7:49:48:5e:39:fb:71:e8:b8:90:59:44:ed:
85:14:15:a1:4b:67:a7:66:40:3b:04:58:0a:6c:06:
aa:df:71:f2:02:74:82:14:ad:4c:98:5a:09:53:82:
1e:40:2b:36:78:7e:31:8e:36:20:c5:c8:59:9a:dd:
8b:8e:24:2b:9e:8d:4f:94:d6:6b:0d:a2:7e:5e:a4:
7d:14:ac:c0:8a:17:5c:7a:c8:00:46:9c:24:75:50:
a5:be:ec:51:d1:60:99:2f:6d:94:17:77:ce:63:09:
01:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:www.google.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
4F:C7:02:93:EC:46:43:9C:34:43:03:3E:CB:18:CB:4E:7A:B4:0E:DE
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
Policy: 2.23.140.1.2.2
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha256WithRSAEncryption
19:5a:93:63:e9:3b:8a:f2:80:01:70:a9:02:8a:51:84:23:3b:
94:77:9b:4a:e1:38:d4:a1:8c:51:1d:67:79:a1:03:b5:1f:0d:
c7:77:d8:52:64:92:55:77:c0:d9:0e:1c:6a:ff:f2:a9:56:04:
66:90:66:ca:e1:21:4a:45:cd:06:09:64:23:58:75:3f:84:23:
7b:d1:c9:bb:d8:b2:d0:4f:f2:4a:09:9d:6e:cf:14:2a:8b:8e:
52:f7:a6:8b:16:14:bc:13:71:e7:b0:50:e8:a0:04:c0:c7:c6:
89:13:67:19:a0:41:da:99:83:48:bb:ed:e3:f5:b4:29:bf:bc:
2b:95:2c:3b:54:ca:cf:5a:df:00:51:47:2d:cd:5a:7d:fb:e0:
15:bf:34:9e:a0:8b:ff:ba:80:57:e0:d3:c5:71:12:df:48:49:
98:13:d1:95:ef:68:b4:f4:50:77:0e:51:3e:98:e5:8f:31:57:
a4:6a:8f:73:0b:9d:b4:ec:db:4d:04:c2:6a:ad:ec:5c:ac:02:
3a:0a:c1:96:f3:2a:53:02:f3:7a:19:94:17:80:ff:0f:4e:5d:
19:f4:b9:18:ba:89:dd:62:5d:01:39:da:4a:28:f8:32:39:84:
69:ef:5d:3b:5c:d0:9d:38:10:30:93:7b:2c:ee:0b:a2:9f:e5:
17:0c:cf:81
Puedes borrar elerror de verificación: num=20: no se puede obtener el certificado del emisor localproblema usando la -CAfileopción:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com -CAfile GeoTrust-Root.pem