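This article explains how to view the contents of the SSL certificate configured on a server, how to inspect those contents in detail, and how to see the hierarchy through which an SSL certificate is trusted. We first look at an SSL certificate in the Chrome browser and then examine it in detail with Linux commands.
Viewing the SSL certificate of an SSL server in a web browser
First, let's use a web browser to look at the SSL certificate of a web server that is reachable over the Internet. Displaying the SSL certificate information in the Google Chrome browser shows the certificate information as follows.
Here we are displaying the SSL certificate of Yahoo Japan (https://yahoo.co.jp). The certificate is installed on a server named "edge01.yahoo.co.jp" and was issued by the certificate authority "Cybertrust Japan SureServer CA G4". The validity period is set from "Friday, September 20, 2024 2:13:46" to "Sunday, October 19, 2025 8:59:00", so the certificate is valid during this period.
Opening the certificate details tab displays the following screen. The "Certificate Hierarchy" section shows, level by level, which organizations issued the SSL certificate. The SSL certificate for "edge01.yahoo.co.jp" was issued by the certificate authority "Cybertrust Japan SureServer CA G4", and "Cybertrust Japan SureServer CA G4" is in turn certified by a higher-level certificate authority, "SECOM Trust Systems".
The "Certificate Fields" section lists the detailed information of the SSL certificate installed on "edge01.yahoo.co.jp". Clicking each item shows the corresponding certificate information.
Viewing an SSL server's certificate with Linux commands
To retrieve the information of the SSL certificate configured on an SSL server, run the following command.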
$ openssl s_client -connect www.example.com:443 -showcerts < /dev/null
Retrieving the SSL certificate of https://www.yahoo.co.jp/ produces the following output.
$ openssl s_client -connect www.yahoo.co.jp:443 -showcerts < /dev/null
Connecting to 124.83.184.124
CONNECTED(00000003)
depth=2 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
verify return:1
depth=1 C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
verify return:1
depth=0 C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
verify return:1
---
Certificate chain
0 s:C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
i:C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 20 08:13:46 2024 GMT; NotAfter: Oct 19 14:59:00 2025 GMT
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
1 s:C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
i:C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Dec 13 05:57:30 2023 GMT; NotAfter: May 29 05:00:39 2029 GMT
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
---
Server certificate
subject=C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
issuer=C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5816 bytes and written 396 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
The first part of the command output shows the certificate hierarchy. Just as we saw in the browser, the SSL certificate for "edge01.yahoo.co.jp" was issued by the certificate authority "Cybertrust Japan SureServer CA G4", and "Cybertrust Japan SureServer CA G4" is in turn certified by a higher-level certificate authority, "SECOM Trust Systems".
depth=2 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
verify return:1
depth=1 C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
verify return:1
depth=0 C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
verify return:1
Each section from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----", like the one below, is the certificate data of one SSL certificate.
-----BEGIN CERTIFICATE-----
MII.....
.....
-----END CERTIFICATE-----
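Examining this certificate data with the openssl command reveals more detailed information. Save the first block of certificate data obtained from the previous command to a file named x.pem.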
$ cat x.pem
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
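The manual save step above can be scripted. The following is an added example, not part of the original article: a shell function that splits -showcerts output into one PEM file per certificate and lists each subject and expiry date. The function names, the cert-N.pem file naming (cert-0.pem corresponds to the article's x.pem) and the placeholder certificate bodies in the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads "openssl s_client -showcerts" output on stdin, writes each PEM block
# to DIR/cert-N.pem, and prints "N<TAB>subject<TAB>NotAfter" per certificate.
split_chain() {            # usage: openssl s_client ... | split_chain DIR
    awk -v dir="$1" '
        # " 0 s:<subject>" opens the listing entry for certificate 0, 1, ...
        /^ *[0-9]+ s:/ { idx = $1; sub(/^ *[0-9]+ s:/, ""); subj[idx] = $0 }
        # " v:NotBefore: ...; NotAfter: ..." line; if the OpenSSL version in
        # use does not print it, the expiry column is left empty
        /NotAfter: /   { sub(/^.*NotAfter: /, ""); until[idx] = $0 }
        /^-----BEGIN CERTIFICATE-----$/ { out = dir "/cert-" idx ".pem"; inpem = 1 }
        inpem          { print > out }
        /^-----END CERTIFICATE-----$/   { inpem = 0; close(out); n++ }
        END { for (i = 0; i < n; i++) printf "%d\t%s\t%s\n", i, subj[i], until[i] }
    '
}

# Constructed sample: chain listing in the article's output format, with the
# base64 certificate bodies replaced by placeholders.
sample_output() {
    cat <<'EOF'
Certificate chain
 0 s:C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
   i:C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
   v:NotBefore: Sep 20 08:13:46 2024 GMT; NotAfter: Oct 19 14:59:00 2025 GMT
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-LEAF
-----END CERTIFICATE-----
 1 s:C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
   i:C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
   v:NotBefore: Dec 13 05:57:30 2023 GMT; NotAfter: May 29 05:00:39 2029 GMT
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-INTERMEDIATE
-----END CERTIFICATE-----
---
Server certificate
EOF
}

# Run with the argument "demo" to split the constructed sample.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && sample_output | split_chain "$d" && ls "$d"
fi
```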
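Next, display the contents of the certificate saved in x.pem with the openssl command. SSL certificates follow the X.509 standard, so we use the x509 subcommand of openssl and display the data in text format. This shows the contents of the certificate as follows.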
$ openssl x509 -text -in x.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:fd:ea:df:6c:bb:17:b3:d8:42:ec:13:f9:7d:ba:ab:c5:a2:52:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
Validity
Not Before: Sep 20 08:13:46 2024 GMT
Not After : Oct 19 14:59:00 2025 GMT
Subject: C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cb:70:d4:dd:4e:f7:13:66:84:6a:47:84:29:3e:
77:89:8a:d0:22:ac:61:8e:92:3d:1a:24:06:ff:36:
7a:4c:ff:13:ab:aa:5a:94:0b:ae:e7:62:b7:59:02:
a4:80:96:cc:51:c1:d3:8c:e7:a6:2e:d0:a6:81:c8:
12:63:60:0c:9b:e1:24:d7:06:12:b3:7b:cc:a0:73:
18:3b:14:b6:50:d0:c5:97:0c:27:2c:f1:58:d7:bf:
09:c3:bb:09:ad:5d:46:99:a9:e4:c0:cb:e3:ac:55:
7f:0b:b0:8e:b6:f9:db:4e:d0:70:a8:82:bf:59:52:
f0:61:82:d6:7f:7c:35:15:d7:a3:12:da:3d:b9:95:
a4:4d:d2:8c:ee:f1:2f:22:82:9c:b6:02:54:2e:3b:
80:6d:b7:09:0a:cc:79:12:ee:f8:ac:8b:9f:f1:18:
b7:52:fb:de:60:b0:7f:1d:f0:91:2e:be:fa:c1:93:
97:1e:9d:6a:0a:0b:11:4c:20:ce:40:38:37:46:13:
7e:5e:92:d9:59:30:f8:de:a2:18:3c:50:23:9b:12:
6f:81:bc:b7:e8:45:e7:b2:0e:04:a5:ce:47:3c:9b:
22:f9:91:b2:65:89:21:02:9a:1c:fd:27:ee:11:13:
56:67:15:4d:16:11:2c:c4:a0:41:32:99:5f:e9:82:
e9:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
Policy: 1.2.392.200081.1.23.1
CPS: https://www.cybertrust.ne.jp/ssl/repository/index.html
X509v3 Subject Alternative Name:
DNS:edge01.yahoo.co.jp, DNS:*.yahoo.co.jp, DNS:*.yahooapis.jp, DNS:*.ane.yahoo.co.jp, DNS:*.auctions.yahoo.co.jp, DNS:*.auctions.yahooapis.jp, DNS:*.box.yahooapis.jp, DNS:*.bspace.jp, DNS:*.bylines.news.yahoo.co.jp, DNS:*.c.yimg.jp, DNS:*.carnavi.yahooapis.jp, DNS:*.carview.co.jp, DNS:*.carview.yahoo.co.jp, DNS:*.chiebukuro.yahoo.co.jp, DNS:*.clorder.yahoo.co.jp, DNS:*.cvw.jp, DNS:*.digitalguide.jp, DNS:*.east.edge.storage-yahoo.jp, DNS:*.east.edge.storage-yahoobox.jp, DNS:*.edge.storage-yahoo.jp, DNS:*.edit.yahooapis.jp, DNS:*.finance.yahoo.co.jp, DNS:*.geocities.jp, DNS:*.global.edge.storage-yahoo.jp, DNS:*.gyao.yahoo.co.jp, DNS:*.jobcatalog.yahoo.co.jp, DNS:*.listing.yahoo.co.jp, DNS:*.loco.yahoo.co.jp, DNS:*.lycorp.co.jp, DNS:*.mail.yahoo.co.jp, DNS:*.marketing.yahoo.co.jp, DNS:*.mkcloud-api.carview.co.jp, DNS:*.mkimg.carview.co.jp, DNS:*.ms.yahoo.co.jp, DNS:*.lycorp-security.jp, DNS:*.news.yahoo.co.jp, DNS:*.news.yahooapis.jp, DNS:*.order.yahoo.co.jp, DNS:*.points.yahoo.co.jp, DNS:*.psi.yahoo.co.jp, DNS:*.push.yahooapis.jp, DNS:*.search.yahooapis.jp, DNS:*.shopping.c.yimg.jp, DNS:*.shopping.srv.yimg.jp, DNS:*.shopping.yahoo.co.jp, DNS:*.shopping.yahooapis.jp, DNS:carview.co.jp, DNS:*.store.yahoo.co.jp, DNS:*.travel.yahoo.co.jp, DNS:*.wallet.yahoo.co.jp, DNS:*.wallet.yahooapis.jp, DNS:*.webhosting.yahoo.co.jp, DNS:*.west.edge.storage-yahoo.jp, DNS:*.west.edge.storage-yahoobox.jp, DNS:*.xml.listing.yahoo.co.jp, DNS:*.yahoo-help.jp, DNS:*.yahoo-labs.jp, DNS:*.yahoo-net.jp, DNS:*.yahoo.jp, DNS:*.yahoobox.jp, DNS:*.yimg.jp, DNS:*.yjtag.jp, DNS:*.yjtag.yahoo.co.jp, DNS:*.ys-insurance.co.jp, DNS:activity.travel.yahoo-net.jp, DNS:add.dir.yahoo.co.jp, DNS:api.y.clorder.yahoo.co.jp, DNS:arc.help.yahoo.co.jp, DNS:biztx.points.yahooapis.jp, DNS:*.snsimg.carview.co.jp, DNS:cgi2.r-agent.yahoo.co.jp, DNS:cksync.pdsp.yahoo.co.jp, DNS:cm.froma.yahoo.co.jp, DNS:compass.ymobile.yahoo.co.jp, DNS:control.yjdmp.jp, DNS:custom.search.yahoo.co.jp, DNS:e.developer.yahoo.co.jp, 
DNS:feedback.advertising.yahoo.co.jp, DNS:feedback.premiads.yahoo.co.jp, DNS:feedback.promotionalads.yahoo.co.jp, DNS:forms.business.yahoo.co.jp, DNS:frame.games.yahoo.co.jp, DNS:hrm.grmtrez.yahoo.co.jp, DNS:im.ov.yahoo.co.jp, DNS:info.hatalike.yahoo.co.jp, DNS:movie.chocotle.yahoo.co.jp, DNS:online.security.yahoo.co.jp, DNS:patrol.shp.yahoo.co.jp, DNS:poiedit.map.yahoo.co.jp, DNS:portal.yadui.business.yahoo.co.jp, DNS:ssl-tools.kainavi.search.yahoo.co.jp, DNS:ssl.api.olp.yahooapis.jp, DNS:ssl.map.srv.yimg.jp, DNS:www.bosaiguide.jp, DNS:www.lohaco.yahoo.co.jp, DNS:www.search311.jp, DNS:www.sp-hinan.jp, DNS:www.techbasevn.com, DNS:yahoo.co.jp, DNS:yahoo.jp, DNS:yj.pn, DNS:yjtag.jp
Authority Information Access:
OCSP - URI:http://ssocsp.cybertrust.ne.jp/OcspServer
CA Issuers - URI:http://crl.cybertrust.ne.jp/SureServer/ovcag4/ovcag4.crt
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
62:A7:D2:DA:DE:85:B6:92:F1:85:BC:F6:E8:95:9D:75:A0:FA:4E:1F
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.cybertrust.ne.jp/SureServer/ovcag4/cdp.crl
X509v3 Subject Key Identifier:
C9:D0:15:E1:1E:F8:8F:84:9D:D2:AF:D1:AD:57:B4:3B:BA:3D:94:66
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
Timestamp : Sep 20 08:43:22.249 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:85:89:23:9D:7C:E0:1F:9B:C9:C4:C1:
D0:29:FD:A9:BE:CC:83:A0:B5:3E:92:10:A4:E9:EA:2A:
00:16:00:68:00:02:21:00:C0:86:95:E8:87:5E:B6:A7:
BC:DA:80:37:1C:B5:47:6D:C5:DB:AA:48:7B:AE:C7:E7:
C7:88:E8:13:73:DE:0C:50
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
Timestamp : Sep 20 08:43:24.140 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F1:1B:4A:19:50:27:07:FB:B0:B7:21:
C5:7B:DE:56:1C:67:36:7B:84:31:34:EF:E0:76:62:A2:
17:7F:AD:3E:D1:02:21:00:CB:62:89:96:41:B7:1D:7A:
76:EA:A7:B4:93:7D:12:59:43:E3:17:81:CC:51:0F:E7:
49:20:0A:C3:BE:89:A8:BF
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
Timestamp : Sep 20 08:43:26.561 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:04:E5:85:9B:7A:48:E3:8D:00:C8:AA:17:
6D:80:14:A0:BE:3B:F2:08:2E:FE:F8:67:D5:4F:8A:1C:
48:8C:37:2D:02:21:00:FE:CF:0F:3A:AD:39:19:B1:6E:
47:0F:A6:73:0E:1A:9D:B1:31:C3:24:E6:15:92:18:16:
47:66:CD:C1:15:C0:44
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
26:7e:c8:fd:3b:ab:9a:38:cd:b6:3c:df:c5:a0:16:b8:38:1c:
c4:1f:bd:e6:56:d8:51:6e:63:3d:6f:c0:1d:8f:6d:3a:c6:d5:
2b:5a:10:b7:f1:05:e4:8e:62:42:69:40:d1:97:b2:5c:77:13:
2f:6e:38:ac:3f:ca:7f:c7:11:27:76:71:87:ff:6f:9a:23:5d:
b6:42:2a:0d:b4:b1:75:19:9a:e2:3e:e7:1a:e8:70:45:6b:d3:
fb:2a:33:2a:55:ea:90:1e:21:20:84:be:d3:01:5b:59:76:9b:
04:dc:5e:05:08:5d:91:48:15:4f:02:77:a7:4c:c3:10:b3:95:
34:e0:7f:3b:af:61:f3:9e:4a:1f:76:f5:d8:3c:07:59:12:e6:
f1:20:26:ff:b9:f5:b8:12:d8:c2:82:99:4b:79:6a:62:3a:7a:
b3:8a:ff:7f:b7:c0:02:07:bc:c2:47:4e:87:b9:1d:1f:71:7b:
6d:52:da:f3:b0:0f:a4:87:bb:01:99:1d:a2:b1:3a:a6:dd:43:
8c:55:8a:99:9e:4b:84:63:13:a1:b0:61:64:03:40:5a:8c:26:
e9:a1:a7:fa:59:d5:b8:62:97:03:4c:fb:78:76:7f:1b:bb:e4:
36:df:2b:8b:06:79:fb:ee:84:c6:0d:2f:a5:ae:dc:dd:b3:68:
88:a1:02:93
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
In this certificate the "Issuer" is "Cybertrust Japan", which tells us who issued the certificate. The "Subject" is "edge01.yahoo.co.jp", so we can also tell that this certificate is installed on a server owned by Yahoo Japan.
Issuer: C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
.....
Subject: C=JP, ST=Tokyo, L=Chiyoda-ku, O=LY Corporation, CN=edge01.yahoo.co.jp
Let's also save the other block of certificate data to a file named y.pem and look at its contents with the openssl command.
$ cat y.pem
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIQIrmxoHRkGFf3oBMy20K57DANBgkqhkiG9w0BAQsFADBd
MQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4s
TFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4X
DTIzMTIxMzA1NTczMFoXDTI5MDUyOTA1MDAzOVowXjELMAkGA1UEBhMCSlAxIzAh
BgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMSowKAYDVQQDEyFDeWJl
cnRydXN0IEphcGFuIFN1cmVTZXJ2ZXIgQ0EgRzQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLbpxZqLE/CMQZFRT/jp5BpHFZm7ovoXVQZRmYZ4p4lZbg
IYoJtllMcaeF+Vdwf0CiS2ZngLMJs8Ril2gws3KJmMV08oDV3EyyPiDMkYrBDu1d
TVxR1I0hJSmmNS8wgPf3ppXZ5kY1+gfWbecVyuatdljiFpCRAhMMCpLu+7b7SmT0
SmgjQhrGeR42uzwbNO4y6BNKzLmS0GTUBAdFut2rbShghsxJOdJQ4/sENFJVG0JN
8wBLL3ROl6NamcvZe/N1WuNL0sd1aoRmG+I1kK4NgqwLSXCkDUidJvcsSVVUA8KU
EMBsRzuRJkL9SxiRMQEnoDl84c6gq+cosBAn0qzrAgMBAAGjggG4MIIBtDAdBgNV
HQ4EFgQUYqfS2t6FtpLxhbz26JWddaD6Th8wHwYDVR0jBBgwFoAUCoWpd2UFmHxA
gfgPlyw48QrsPM8wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYw
SQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL3JlcG9zaXRvcnkuc2Vjb210cnVzdC5u
ZXQvU0MtUm9vdDIvU0NSb290MkNSTC5jcmwwXAYDVR0gBFUwUzAIBgZngQwBAgIw
RwYKKoMIjJsbZIcFBDA5MDcGCCsGAQUFBwIBFitodHRwczovL3JlcG9zaXRvcnku
c2Vjb210cnVzdC5uZXQvU0MtUm9vdDIvMIGFBggrBgEFBQcBAQR5MHcwMAYIKwYB
BQUHMAGGJGh0dHA6Ly9zY3Jvb3RjYTIub2NzcC5zZWNvbXRydXN0Lm5ldDBDBggr
BgEFBQcwAoY3aHR0cDovL3JlcG9zaXRvcnkuc2Vjb210cnVzdC5uZXQvU0MtUm9v
dDIvU0NSb290MmNhLmNlcjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DQYJKoZIhvcNAQELBQADggEBAD5/Q3VJOvGwo0RBBcqipsahLnAFTd16IZzQEQAt
cRJeGJowGHFcVXvrI3bcz2EMEE+BD/It8X+eaN1Q3sEr8EZg+HeGmqBWiwaSivfR
4eHyJxrIrzOQ0T87/0Impfflgp8ut6+Wa/bGqA0KWXX4qQ90gQNuCX7Y4zyrJ+lI
zL8ilXKEM4kagzEGHbitR1C+6BfBtjwOnBMqFX+tEafy5b3vyzN04CJteyTRSlAE
0oHF8OR69kqG5eregNBSIC0gLEcvKZlQ5lOb0hia5p0G/VO2nZkzQrWCqrWW4jl9
httr0pfQZjC58EfNow1bgt/LoNvqVwmGEcX/d8fqp+hb788=
-----END CERTIFICATE-----
$ openssl x509 -text -in y.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:b9:b1:a0:74:64:18:57:f7:a0:13:32:db:42:b9:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
Validity
Not Before: Dec 13 05:57:30 2023 GMT
Not After : May 29 05:00:39 2029 GMT
Subject: C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cb:6e:9c:59:a8:b1:3f:08:c4:19:15:14:ff:8e:
9e:41:a4:71:59:9b:ba:2f:a1:75:50:65:19:98:67:
8a:78:95:96:e0:21:8a:09:b6:59:4c:71:a7:85:f9:
57:70:7f:40:a2:4b:66:67:80:b3:09:b3:c4:62:97:
68:30:b3:72:89:98:c5:74:f2:80:d5:dc:4c:b2:3e:
20:cc:91:8a:c1:0e:ed:5d:4d:5c:51:d4:8d:21:25:
29:a6:35:2f:30:80:f7:f7:a6:95:d9:e6:46:35:fa:
07:d6:6d:e7:15:ca:e6:ad:76:58:e2:16:90:91:02:
13:0c:0a:92:ee:fb:b6:fb:4a:64:f4:4a:68:23:42:
1a:c6:79:1e:36:bb:3c:1b:34:ee:32:e8:13:4a:cc:
b9:92:d0:64:d4:04:07:45:ba:dd:ab:6d:28:60:86:
cc:49:39:d2:50:e3:fb:04:34:52:55:1b:42:4d:f3:
00:4b:2f:74:4e:97:a3:5a:99:cb:d9:7b:f3:75:5a:
e3:4b:d2:c7:75:6a:84:66:1b:e2:35:90:ae:0d:82:
ac:0b:49:70:a4:0d:48:9d:26:f7:2c:49:55:54:03:
c2:94:10:c0:6c:47:3b:91:26:42:fd:4b:18:91:31:
01:27:a0:39:7c:e1:ce:a0:ab:e7:28:b0:10:27:d2:
ac:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:A7:D2:DA:DE:85:B6:92:F1:85:BC:F6:E8:95:9D:75:A0:FA:4E:1F
X509v3 Authority Key Identifier:
0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://repository.secomtrust.net/SC-Root2/SCRoot2CRL.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
Policy: 1.2.392.200091.100.901.4
CPS: https://repository.secomtrust.net/SC-Root2/
Authority Information Access:
OCSP - URI:http://scrootca2.ocsp.secomtrust.net
CA Issuers - URI:http://repository.secomtrust.net/SC-Root2/SCRoot2ca.cer
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3e:7f:43:75:49:3a:f1:b0:a3:44:41:05:ca:a2:a6:c6:a1:2e:
70:05:4d:dd:7a:21:9c:d0:11:00:2d:71:12:5e:18:9a:30:18:
71:5c:55:7b:eb:23:76:dc:cf:61:0c:10:4f:81:0f:f2:2d:f1:
7f:9e:68:dd:50:de:c1:2b:f0:46:60:f8:77:86:9a:a0:56:8b:
06:92:8a:f7:d1:e1:e1:f2:27:1a:c8:af:33:90:d1:3f:3b:ff:
42:26:a5:f7:e5:82:9f:2e:b7:af:96:6b:f6:c6:a8:0d:0a:59:
75:f8:a9:0f:74:81:03:6e:09:7e:d8:e3:3c:ab:27:e9:48:cc:
bf:22:95:72:84:33:89:1a:83:31:06:1d:b8:ad:47:50:be:e8:
17:c1:b6:3c:0e:9c:13:2a:15:7f:ad:11:a7:f2:e5:bd:ef:cb:
33:74:e0:22:6d:7b:24:d1:4a:50:04:d2:81:c5:f0:e4:7a:f6:
4a:86:e5:ea:de:80:d0:52:20:2d:20:2c:47:2f:29:99:50:e6:
53:9b:d2:18:9a:e6:9d:06:fd:53:b6:9d:99:33:42:b5:82:aa:
b5:96:e2:39:7d:86:db:6b:d2:97:d0:66:30:b9:f0:47:cd:a3:
0d:5b:82:df:cb:a0:db:ea:57:09:86:11:c5:ff:77:c7:ea:a7:
e8:5b:ef:cf
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
In this SSL certificate the "Issuer" is "SECOM Trust Systems", which tells us who issued the certificate. The "Subject" is "Cybertrust Japan SureServer CA G4", so we can see that "SECOM Trust Systems" issued an SSL certificate to the certificate authority "Cybertrust Japan SureServer CA G4".
Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
.....
Subject: C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4
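In this way, you can easily check both the contents of the SSL certificate configured on a server and the hierarchy through which that certificate is trusted.
Checking the consistency of the SSL certificate hierarchy
The SSL certificate issued to Yahoo Japan was issued by Cybertrust Japan. To check this for consistency, compare the hash of the issuer in Yahoo Japan's SSL certificate with the hash of the Subject value in the higher-level certificate authority's SSL certificate, as shown below.
The "Issuer" in Yahoo Japan's certificate refers to the certificate authority (Cybertrust Japan) that issued the SSL certificate to Yahoo Japan. The "Subject" in Cybertrust Japan's certificate, on the other hand, refers to Cybertrust Japan itself, the entity that issued the certificate. Comparing the issuer in one certificate with the certificate authority name in the other lets us check the consistency of the certificate hierarchy.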
# Hash of the issuer in Yahoo Japan's SSL certificate
$ openssl x509 -issuer_hash -noout -in x.pem
05429e4e
# Hash of the subject of the certificate authority that issued Yahoo Japan's SSL certificate
$ openssl x509 -subject_hash -noout -in y.pem
05429e4e
If the hash values match as shown here, the two certificates are consistent with each other.
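The -issuer_hash and -subject_hash values are computed from the issuer and subject names only, so equal hashes show that the names line up, not that the upper certificate authority actually signed the certificate. The following added example (not from the original article) runs the name comparison next to a signature check with openssl verify, using throwaway certificates that it generates itself; the function names, file names and certificate subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Name-level check, as in the article: the child's issuer hash must equal
# the candidate parent's subject hash. Only the names are compared.
names_match() {            # usage: names_match CHILD.pem PARENT.pem
    i=$(openssl x509 -issuer_hash -noout -in "$1") || return 1
    s=$(openssl x509 -subject_hash -noout -in "$2") || return 1
    [ "$i" = "$s" ]
}

# Cryptographic check: CHILD must verify under PARENT's public key.
# -trusted makes PARENT the only trust anchor; -partial_chain accepts it
# even when it is an intermediate CA rather than a self-signed root.
# openssl verify also checks validity dates, so expired certificates fail.
verify_ok() {              # usage: verify_ok CHILD.pem PARENT.pem
    openssl verify -partial_chain -trusted "$2" "$1" >/dev/null 2>&1
}

# Report both checks for one child/parent pair.
check_link() {             # usage: check_link CHILD.pem PARENT.pem
    if names_match "$1" "$2"; then n=match; else n=MISMATCH; fi
    if verify_ok "$1" "$2"; then v=ok; else v=FAIL; fi
    echo "names=$n verify=$v"
}

# Constructed sample data: two CAs with the same subject name but different
# keys, and a leaf certificate signed by the first one. All names are made up.
make_sample_certs() {      # usage: make_sample_certs DIR
    for ca in real lookalike; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/O=Constructed Example/CN=Constructed Test CA" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/real.pem" \
        -CAkey "$1/real.key" -CAcreateserial -out "$1/leaf.pem" 2>/dev/null
}

# Run with the argument "demo" to generate the sample and check both pairs.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample_certs "$d" || exit 1
    check_link "$d/leaf.pem" "$d/real.pem"        # names=match verify=ok
    check_link "$d/leaf.pem" "$d/lookalike.pem"   # names=match verify=FAIL
    rm -rf "$d"
fi
```

With the files saved in this article, the call would be check_link x.pem y.pem.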
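Summary
With the openssl command you can examine in detail the SSL certificate of any server reachable over the Internet. You can find out which company's certificate authority issued the certificate for the website you are visiting, and understand how that certificate comes to be trusted.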