Tuesday, June 25, 2019

[Quick tip] Getting a website's Root CA


With OpenSSL you can easily obtain the Root CA of a given website:

openssl s_client -showcerts -connect japaneast.api.cognitive.microsoft.com:443

The response is as follows:
CONNECTED(00000005)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 2
verify return:1
depth=0 CN = *.cognitiveservices.azure.com
verify return:1
---
Certificate chain
 0 s:/CN=*.cognitiveservices.azure.com
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=*.cognitiveservices.azure.com
issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2
---
No client certificate CA names sent
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4513 bytes and written 358 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 996FFFB3854CAC1205B783A59B76BDFAE38D24425C77C1C50A8B80832D606261
    Session-ID-ctx: 
    Master-Key: BCD00D7E1211EBD9A8755BC67584AEFEAE435E1F8842B9D13F90F6C2F8E4CE0AA646FE75377DACA2DDC40323C70B2910
    TLS session ticket lifetime hint: 36000 (seconds)
    TLS session ticket:

    Start Time: 1561476387
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Note the second block: the one labelled CyberTrust Root or Root CA is the one we want.
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
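
A root CA certificate is self-signed, so its s: (subject) and i: (issuer) lines are identical; in the chain above, entry 1 has subject Microsoft IT TLS CA 2 and issuer Baltimore CyberTrust Root. The following script is an added example, not part of the original post (the function names chain_summary, missing_root and sample_output are made up here): it reads s_client output in the format shown above and reports which entries are self-signed and which root, if any, the server did not send.

```shell
#!/bin/sh
# Added example: classify the entries of the "Certificate chain" section
# printed by `openssl s_client -showcerts`. Function names are hypothetical.

# Print one line per chain entry: index|kind|subject|issuer
# kind is "self-signed" when subject == issuer (a root), else "issued".
chain_summary() {
  awk '
    /^Certificate chain/        { in_chain = 1; next }
    in_chain && ($0 == "---")   { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ {
      idx = $1
      subj = $0; sub(/^ *[0-9]+ s:/, "", subj)
      next
    }
    in_chain && /^ *i:/ {
      iss = $0; sub(/^ *i:/, "", iss)
      kind = (subj == iss) ? "self-signed" : "issued"
      printf "%s|%s|%s|%s\n", idx, kind, subj, iss
    }
  '
}

# Print the issuer of the last entry when that entry is not self-signed,
# i.e. the root the server did not send and the client must already trust.
missing_root() {
  chain_summary | awk -F'|' '
    { kind = $2; iss = $4 }
    END { if (NR > 0 && kind != "self-signed") print iss }
  '
}

# Chain section copied from the output above (PEM bodies left out).
sample_output() {
  cat <<'EOF'
CONNECTED(00000005)
---
Certificate chain
 0 s:/CN=*.cognitiveservices.azure.com
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
EOF
}

# Live use: openssl s_client -showcerts -connect HOST:443 </dev/null | chain_summary
sample_output | chain_summary
echo "root not in sent chain: $(sample_output | missing_root)"
```

When missing_root prints a name, the PEM for that root has to come from a trusted source such as the operating system trust store, and its fingerprint should be compared against the CA's published value before it is pinned in a device.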


Reference article

http://www.iotsharing.com/2017/08/how-to-use-https-in-arduino-esp32.html
