透過OpenSSl 可以方便取得指定網站的Root-CA
openssl s_client -showcerts -connect japaneast.api.cognitive.microsoft.com:443
回應值如下
CONNECTED(00000005) depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root verify return:1 depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 2 verify return:1 depth=0 CN = *.cognitiveservices.azure.com verify return:1 --- Certificate chain 0 s:/CN=*.cognitiveservices.azure.com i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2 -----BEGIN CERTIFICATE----- MIIIxzCCBq+gAwIBAgITIAAFRAs77OdnDzBu6AAAAAVECzANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDIw HhcNMTkwMTIzMDYwNTQ3WhcNMjEwMTIzMDYwNTQ3WjAoMSYwJAYDVQQDDB0qLmNv Z25pdGl2ZXNlcnZpY2VzLmF6dXJlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAK2pLnlTsiv2lGiw9g/1OFdt4MBKw2vRuxnDLWyPUWw0i4bRlRcD oNua0v2Q41MSK613TWU3k00t0GqYEm8RwxUkvCU9Yrxvb7cRrKix5kb9wQs1IKFM 0zBtRJUGPfx6+Zzw8AOP72b0/WbFHBSpmrVjIzoOXqSO3Xjhia05j4Xj4bkEx6cl oweFzKXFlE2bT7GQZBaXoJ7zvH8nxjkf8OdVja++V7KBZ1lvnPyySD9c91iboojj s8mugyk+aVdypnCT32cZfRMl88Vbm0eFRpAtsOfdN3AqDPt61iezd3N5A34ePDsg HEOkuvIv7hBSvkY61wZZTMqfM/7b0tNvLOcCAwEAAaOCBIQwggSAMIIB9wYKKwYB BAHWeQIEAgSCAecEggHjAeEAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJ eqj9ywAAAWh5WbuoAAAEAwBHMEUCIQCpiobqLhY3FC4nMB6S6RdvVvHgI9wEDhSS V7cJPYgB7wIgetEXIOZ4yqqZaKtlEcXGqQjd0CUFOJBXm4UPUI7QvFQAdwBVgdTC FpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWh5Wbz9AAAEAwBIMEYCIQC5 sH1CnlDtZKLDj0FcLWKPBo1WpadkJ1lCxBB59zrYOgIhALxzYNrTjpzJERn3ff/U XG4TeAtx3Usb9DRZ0i1mmOWFAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq /16ggw8AAAFoeVm8twAABAMARzBFAiEA84pa6np0EEtH0PGTct8uqBobMTvz8S2l Z9179Ua8PLUCIHHh7bM5lWS3QU+qPNhKBxq2Fjy+EzlGrQhYeNW58J5vAHYARJRl LrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFoeVm7sAAABAMARzBFAiBY 3QdvnGqCuVWbrhs9qbH1yAffQOCdnERU6exV//9o/AIhAJX7WU19XamV5nXv/v6f CaufCaABHdW4jivgkM8I9RfXMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIw CgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGC yYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYI KwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01p Y3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNydDAiBggrBgEFBQcwAYYWaHR0 cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUOajTQtEUdpIKprWd8liIwJoK m0wwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouY29nbml0aXZlc2VydmljZXMu YXp1cmUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5t aWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExT JTIwQ0ElMjAyLmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2Nv cnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNybDBNBgNVHSAE RjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jv c29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUkZ47RGw9V5xCdyo0 10/RzEqXLNowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3 DQEBCwUAA4ICAQCCfSpc+ZzdzXIU8b4fW8jveZdME9QuaDGLC/OXZNyiJjo0nZSI dAKgtEu0ME71/OiOoDAoY94/PfiGDWSOI3joWFrg20mbI18XYQHz8ukm5yqyOhtI Lz7kKHpdx/O8cADUzpfsL7l8QKznZmhvoDY3XBX08V1ClHllqtwKBzyVB38wdruW XznBrf0CkV5MrSL8Jugq7vYQAiVK7VbAkSvZ7M8h6dGXRvdwLl9trN0zIx5bjDIF wdTnxAfVKeO8PD+FXvLw75jgiFTvJqBxvbfcig5XvfqaD4aQKOAQDOhV3thiStDm /2K8OPljtTd3evjX4yjyx+FoPoFiJZaMSE3j2jW1cmQt4eNSDB6OktmdjAcy2+gS PM74zWRUd50mtEnhmCGsL0ef/jZLc7is4HVaUv2653GYBs7eCS454MZ1oCsDW6SC HZXnfCJf00w80NdKSNpaiz58LvONLzuiuwXEFFU8qG2YeYAvgWnOPutAj5y3DEJR xMrDvxVKQGcV7kaU4aDEp8ulwsS8IgMwQhuFgxbKFOEkrTPVPgyZDaNuSL02kefz uykzE1BpG6gnuETzzPJrh94VZk7r31L29IYYLFcyY8Nhf42D+ES8iA/vCm9KidS9 7SzH4EHYXDrylkaWu9rH6LeThlmIhhzyrbeL/y4GwFdMPjc80zKNSXK0hw== -----END CERTIFICATE----- 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2 i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root -----BEGIN CERTIFICATE----- MIIFtDCCBJygAwIBAgIQDywQyVsGwJN/uNRJ+D6FaTANBgkqhkiG9w0BAQsFADBa MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2 MDUyMDEyNTE1N1oXDTI0MDUyMDEyNTE1N1owgYsxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy b3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UE AxMVTWljcm9zb2Z0IElUIFRMUyBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAnqoVwRuhY1/mURjFFrsR3AtNm5EKukBJK9zWBgvFd1ksNEJFC06o yRbwKPMflpW/HtOfzIeBliGk57MwZq18bgASr70sPUWuoD917HUgBfxBYoF8zA7Z Ie5zAHODFboJL7Fg/apgbQs/GiZZNCi0QkQUWzw0nTUmVSNQ0mz6pCu95Dv1WMsL GyPGfdN9zD3Q/QEDyJ695QgjRIxYA1DUE+54ti2k6r0ycKFQYkyWwZ25HD1h2kYt 3ovW85vF6y7tjTqUEcLbgKUCB81/955hdLLsbFd6f9o2PkU8xuOc3U+bUedvv6Sb tvGjBEZeFyH8/CaQhzlsKMH0+OPOFv/bMqcLarPw1V1sOV1bl4W9vi2278niblzI bEHt7nN888p4KNIwqCcXaGhbtS4tjn3NKI6v1d2XRyxIvCJDjgoZ09zF39Pyoe92 sSRikZh7xns4tQEQ8BCs4o5NBSx8UxEsgyzNSskWGEWqsIjt+7+A1skDDZv6k2o8 VCHNbTLFKS7d72wMI4ErpzVsBIicxaG2ezuMBBuqThxIiJ+G9zfoP9lxim/9rvJA xbh3nujA1VJfkOYTJIojEAYCxR3QjEoGdapJmBle97AfqEBnwoJsu2wav8h9v+po DL4h6dRzRUxY1DHypcFlXGoHu/REQgFLq2IN30/AhQLN90Pj9TT2RQECAwEAAaOC AUIwggE+MB0GA1UdDgQWBBSRnjtEbD1XnEJ3KjTXT9HMSpcs2jAfBgNVHSMEGDAW gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF BwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln aWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0 LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsG AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEB CwUAA4IBAQBsf+pqb89rW8E0rP/cDuB9ixMX4C9OWQ7EA7n0BSllR64ZmuhU9mTV 2L0G4HEiGXvOmt15i99wJ0ho2/dvMxm1ZeufkAfMuEc5fQ9RE5ENgNR2UCuFB2Bt bVmaKUAWxscN4GpXS4AJv+/HS0VXs5Su19J0DA8Bg+lo8ekCl4dq2G1m1WsCvFBI oLIjd4neCLlGoxT2jA43lj2JpQ/SMkLkLy9DXj/JHdsqJDR5ogcij4VIX8V+bVD0 NCw7kQa6Ulq9Zo0jDEq1at4zSeH4mV2PMM3LwIXBA2xo5sda1cnUWJo3Pq4uMgcL e0t+fCut38NMkTl8F0arflspaqUVVUov -----END CERTIFICATE----- --- Server certificate subject=/CN=*.cognitiveservices.azure.com issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 2 --- No client certificate CA names sent Server Temp Key: ECDH, P-384, 384 bits --- SSL handshake has read 4513 bytes and written 358 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 996FFFB3854CAC1205B783A59B76BDFAE38D24425C77C1C50A8B80832D606261 Session-ID-ctx: Master-Key: BCD00D7E1211EBD9A8755BC67584AEFEAE435E1F8842B9D13F90F6C2F8E4CE0AA646FE75377DACA2DDC40323C70B2910 TLS session ticket lifetime hint: 36000 (seconds) TLS session ticket: 0000 - 00 00 00 00 f1 09 a9 bd-e1 cc 12 43 b9 30 10 64 ...........C.0.d 0010 - 28 4e 9f b9 d4 14 fb 68-92 1b ea 73 13 94 94 d5 (N.....h...s.... 0020 - d5 27 00 73 cc c6 2d d8-76 e3 36 bf 65 5b c9 e4 .'.s..-.v.6.e[.. 0030 - af 7f 09 39 18 fc 7d d4-1c 4c c0 8c 11 e5 a4 c8 ...9..}..L...... 0040 - d4 24 8c 68 4d 74 12 12-1f 86 c6 a3 1c d2 27 14 .$.hMt........'. 0050 - 4d 1d 3b 03 ec e9 ac d2-f8 d3 d1 53 76 60 5a 31 M.;........Sv`Z1 0060 - 91 76 92 67 ce ee 5e 68-73 9c 4c a7 9a 55 93 a2 .v.g..^hs.L..U.. 0070 - 17 00 05 25 1a 25 e9 cb-32 97 31 23 fc 15 5d a5 ...%.%..2.1#..]. 0080 - 84 ae 5b 90 2e 9c e9 0f-63 5f 76 2e 61 4b 90 d9 ..[.....c_v.aK.. 0090 - a6 ab ca ea df 36 23 cc-41 85 54 13 4f cc 7b d6 .....6#.A.T.O.{. 00a0 - a5 73 88 c5 2a 9c e7 ad-01 b3 0b 47 76 02 df 3a .s..*......Gv..: 00b0 - b4 49 f0 0f a0 4f ba ac-a5 c5 be 35 29 53 66 44 .I...O.....5)SfD 00c0 - ec 8d ad 1a 1c d4 e6 55-e6 ae eb 9e 3e 9f 9f d5 .......U....>... 00d0 - f0 11 0d 68 de 66 94 7e-18 82 c9 03 a8 ee b7 b2 ...h.f.~........ 00e0 - c0 08 aa a8 b4 48 61 cb-1f a5 1f b1 63 93 de f1 .....Ha.....c... 00f0 - 8a f8 f4 23 6b 02 76 7f-7b ad b1 94 f7 93 80 f9 ...#k.v.{....... 0100 - ea 26 28 82 .&(. Start Time: 1561476387 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
注意第二段 標示 CyberTrust Root 或是Root CA 即為所求
-----BEGIN CERTIFICATE----- MIIFtDCCBJygAwIBAgIQDywQyVsGwJN/uNRJ+D6FaTANBgkqhkiG9w0BAQsFADBa MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2 MDUyMDEyNTE1N1oXDTI0MDUyMDEyNTE1N1owgYsxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy b3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UE AxMVTWljcm9zb2Z0IElUIFRMUyBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAnqoVwRuhY1/mURjFFrsR3AtNm5EKukBJK9zWBgvFd1ksNEJFC06o yRbwKPMflpW/HtOfzIeBliGk57MwZq18bgASr70sPUWuoD917HUgBfxBYoF8zA7Z Ie5zAHODFboJL7Fg/apgbQs/GiZZNCi0QkQUWzw0nTUmVSNQ0mz6pCu95Dv1WMsL GyPGfdN9zD3Q/QEDyJ695QgjRIxYA1DUE+54ti2k6r0ycKFQYkyWwZ25HD1h2kYt 3ovW85vF6y7tjTqUEcLbgKUCB81/955hdLLsbFd6f9o2PkU8xuOc3U+bUedvv6Sb tvGjBEZeFyH8/CaQhzlsKMH0+OPOFv/bMqcLarPw1V1sOV1bl4W9vi2278niblzI bEHt7nN888p4KNIwqCcXaGhbtS4tjn3NKI6v1d2XRyxIvCJDjgoZ09zF39Pyoe92 sSRikZh7xns4tQEQ8BCs4o5NBSx8UxEsgyzNSskWGEWqsIjt+7+A1skDDZv6k2o8 VCHNbTLFKS7d72wMI4ErpzVsBIicxaG2ezuMBBuqThxIiJ+G9zfoP9lxim/9rvJA xbh3nujA1VJfkOYTJIojEAYCxR3QjEoGdapJmBle97AfqEBnwoJsu2wav8h9v+po DL4h6dRzRUxY1DHypcFlXGoHu/REQgFLq2IN30/AhQLN90Pj9TT2RQECAwEAAaOC AUIwggE+MB0GA1UdDgQWBBSRnjtEbD1XnEJ3KjTXT9HMSpcs2jAfBgNVHSMEGDAW gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF BwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln aWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0 LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsG AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEB CwUAA4IBAQBsf+pqb89rW8E0rP/cDuB9ixMX4C9OWQ7EA7n0BSllR64ZmuhU9mTV 2L0G4HEiGXvOmt15i99wJ0ho2/dvMxm1ZeufkAfMuEc5fQ9RE5ENgNR2UCuFB2Bt bVmaKUAWxscN4GpXS4AJv+/HS0VXs5Su19J0DA8Bg+lo8ekCl4dq2G1m1WsCvFBI oLIjd4neCLlGoxT2jA43lj2JpQ/SMkLkLy9DXj/JHdsqJDR5ogcij4VIX8V+bVD0 NCw7kQa6Ulq9Zo0jDEq1at4zSeH4mV2PMM3LwIXBA2xo5sda1cnUWJo3Pq4uMgcL e0t+fCut38NMkTl8F0arflspaqUVVUov -----END CERTIFICATE-----
參考文章
http://www.iotsharing.com/2017/08/how-to-use-https-in-arduino-esp32.html
沒有留言:
張貼留言