GO 獲取 pem 證書信息
openssl 客戶端查看證書信息:
[root@dnsserver test]# openssl x509 -noout -text -in ./client-release.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8536029279...
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority
Validity
Not Before: Dec 11 07:15:05 2017 GMT
Not After : Jan 10 07:15:05 2019 GMT
.....
.....
openssl 的 c 庫獲取 pem 格式的證書信息:
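/*
 * parse_pem reads the first X.509 certificate from the PEM file cert_file
 * and prints its notAfter time as an integer timestamp.
 *
 * Returns 0 on success, or -1 when the file cannot be opened or no
 * certificate can be decoded from it.
 *
 * Only the validity field is read: nothing here verifies the certificate's
 * signature or chain, so the printed value is informational.
 */
int parse_pem(const char* cert_file)
{
    BIO *b = BIO_new_file(cert_file, "rb");
    /* A missing or unreadable file yields NULL; stop before handing it to the PEM reader. */
    if (b == NULL) return -1;

    X509 *cert = PEM_read_bio_X509(b, NULL, NULL, NULL);
    /* The BIO is no longer needed once the certificate has been decoded (or decoding failed). */
    BIO_free(b);
    if (cert == NULL) return -1;

    ASN1_TIME *asn1_time = X509_get_notAfter(cert);
    /* NOTE(review): ASN1_to_timestamp is not defined on this page; presumably a local helper
     * that converts an ASN1_TIME to seconds since the epoch -- confirm. */
    int64_t after = ASN1_to_timestamp(asn1_time);
    /* int64_t is not necessarily long, so cast to long long to match the format specifier. */
    printf("not after: %lld", (long long)after);

    X509_free(cert);
    return 0;
}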
Go 語言獲取 pem 格式證書信息:
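// parsePemFile reads the PEM file at path, parses the first CERTIFICATE block
// found in it, and logs the certificate's validity window.
//
// Every failure (unreadable file, no CERTIFICATE block, malformed DER) is
// reported through log.Fatalf, which terminates the process.
func parsePemFile(path string) {
	certPEMBlock, err := ioutil.ReadFile(path)
	if err != nil {
		// log.Fatalf takes a format string, so the error is passed as an argument.
		log.Fatalf("read %q: %v", path, err)
	}

	// A PEM file can hold several blocks, for example a certificate
	// (-----BEGIN CERTIFICATE-----) together with its private key
	// (-----BEGIN RSA PRIVATE KEY-----). pem.Decode returns one block plus
	// the remaining bytes, so walk the blocks and pick the certificate by
	// its type instead of assuming it comes first. Blocks of other types
	// are skipped and never logged, which keeps key material out of the log.
	var certDERBlock *pem.Block
	for rest := certPEMBlock; ; {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			certDERBlock = block
			break
		}
	}
	if certDERBlock == nil {
		// err is nil at this point, so report the condition explicitly.
		log.Fatalf("no CERTIFICATE block found in %q", path)
	}

	// The validity period, issuer and subject live in the certificate block.
	x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
	if err != nil {
		log.Fatalf("parse certificate in %q: %v", path, err)
	}

	// Parsing only decodes the fields: the signature and chain are not
	// verified here, so the logged dates are informational.
	log.Printf("certFile=%s, validation time %s ~ %s", path,
		x509Cert.NotBefore.Format("2006-01-02 15:04"), x509Cert.NotAfter.Format("2006-01-02 15:04"))
}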
證書生成過程可以參考 TLS with Go