Re: Vérifier la validité d'un certificat let's encrypt
Le 31/12/2018 à 14:26, G2PC a écrit : >>> Je ne sais pas comment faire pour vérifier le certificat en ligne de >>> commande. Qu'entendait par la mon interlocuteur ? >> $ openssl s_client -connect www.visionduweb.fr:443 -showcerts >> CONNECTED(0003) >> depth=1 /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >> verify error:num=20:unable to get local issuer certificate >> verify return:0 >> --- >> Certificate chain >> 0 s:/CN=green-nrj.com >>i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >> -BEGIN CERTIFICATE- >> MIIG+jCCBeKgAwIBAgISBAlKRxSnx7RHIkwKBKH41cweMA0GCSqGSIb3DQEBCwUA >> MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD >> ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMjAwMTM3MDJaFw0x >> OTAzMjAwMTM3MDJaMBgxFjAUBgNVBAMTDWdyZWVuLW5yai5jb20wggIiMA0GCSqG >> SIb3DQEBAQUAA4ICDwAwggIKAoICAQCi6DDW4g5Zl7plzuHn9qfPS8n+6tRDIXyH >> 5yTOJ78rSJPax45AU7luMvFkBgsDQIkR8k0SMbnbhKnUm3wt/cFC/PdmwCofJKs+ >> cS65pEZEZGECrbxm96A95I4xmPgJqYPkHipMWWfzo7vQKiJT/ZTPV9MnXfJIFB03 >> swfE7cUnVgFPk5X1yO5QV/xhE/VqLN3/loqubTVoXqT4UfR64gyKD869gMcs0TOU >> 631uwDCiP+giP52lyRApyNROiwjqoWZqO6a9tCz8YwdxpGEVpVRErzT9ErfxL5BC >> NkQbBGfm3qweOzk0hLZ/inqGDQna0gD5JOajNwXc4r8+laxKcvC1tsSt6UaS7cFd >> V5s7V3lgFwDpFT/Rd2a8584cTJjw+8qUjr82O866+hdiqCgUJfLQgFdLiV3PgvRy >> Ef1vC6CUqnUtr2DgHg/pghol7GgQWij+ZHPe/LVIbGIYwFcU7VaisbjhZB2/jXDw >> m/CABN5+4gC6/NbK6i0HzGnraLXegUq7U+U2HIdlZ7zZygKFOIdXtG6gY1k9UZ+d >> hel8Ddyhvwyz8NGFyC2/87A0Yo8UoimhUhBRrJDslrKaG5rvIOXZqezmHhQaYUMG >> Bd2SsToCXsKPwicRLUMGg2YL9V2c4oNdNzSqR/jyXdl2lEwpSOcqOI/jt0IvpaUN >> XqxDZKrfhwIDAQABo4IDCjCCAwYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG >> CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQsjvMX >> Ag8GMFZEkeQQXnOhfSTOkDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86js >> oTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14 >> My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14 >> My5sZXRzZW5jcnlwdC5vcmcvMIG/BgNVHREEgbcwgbSCDWdyZWVuLW5yai5jb22C >> GHVuaXMtcG91ci1sYS1wbGFuZXRlLmNvbYIXdW5pcy1wb3VyLWxlLWNsaW1hdC5j >> b22CDnZpc2lvbmR1d2ViLmZyghF3d3cuZ3JlZW4tbnJqLmNvbYIcd3d3LnVuaXMt >> cG91ci1sYS1wbGFuZXRlLmNvbYIbd3d3LnVuaXMtcG91ci1sZS1jbGltYXQuY29t >> ghJ3d3cudmlzaW9uZHV3ZWIuZnIwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB >> BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v >> cmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4 >> eHAlCBcvo6odBxPTDWfJeTPwAAAEAwBHMEUCIQCvGIWQ7UI+5bOJYleH0Mq0 >> vfc1n1KVr17UCigKLWG+ugIgBkvLL/9Zjw3LwDT1wUXWDoXWTgKaN3Q2mwv5iWxd >> yVsAdgApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eWfJeTPqAAAE >> AwBHMEUCIB1mOFfzS7CQB43SHJ54wIAh/IMa73OYPkd5bsUlIUHaAiEAn6xkJahl >> P+momyiuDgdKPjQamb6W5ipqlvrbcghiIKEwDQYJKoZIhvcNAQELBQADggEBAGVH >> BSBcOqI7d0pQ0wTBwg6VxTUJNfh7WmGYpqJzqgtKDoTgMwV+0Z8kSDdwBdldIsj2 >> ns8v7bFqDbY3HZA2YS1QH3uPoo4B4/XzRCyYZXJ+5AE1lULvryj5isFoKEXkRhTn >> e2LX/6/QYNw2TC4woXshYxGxxafH/d+MIycwHUv9xNvKCRr78RkYRXFtMGwZ+HIU >> tQvgJmIae7hoOZ8zGyHyqqDgNxbtpeGADYmpuDZFxvWFlngVjBUPyYmvttdJVu3I >> A2uDjIof8HZRAHcSezSMlrJTOZ5raM/YsihnQy/fZ/A2HJrLh8DXGnlzNa//e8YL >> SV+8hWnOBW0yO8TDJP8= >> -END CERTIFICATE- >> 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >>i:/O=Digital Signature Trust Co./CN=DST Root CA X3 >> -BEGIN CERTIFICATE- >> MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ >> MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT >> DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow >> SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT >> GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC >> AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF >> q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 >> SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 >> Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA >> a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj >> /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T >> AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG >> CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv >> bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k >> c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw >> VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC >> ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz >> MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu >> Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF >> AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo >> uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ >> wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu >> X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG >> PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 >> KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== >> -END CERTIFICATE- >> --- >> Server certificate >>
Re: Vérifier la validité d'un certificat let's encrypt
>> Je ne sais pas comment faire pour vérifier le certificat en ligne de >> commande. Qu'entendait par la mon interlocuteur ? > $ openssl s_client -connect www.visionduweb.fr:443 -showcerts > CONNECTED(0003) > depth=1 /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > verify error:num=20:unable to get local issuer certificate > verify return:0 > --- > Certificate chain > 0 s:/CN=green-nrj.com >i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > -BEGIN CERTIFICATE- > MIIG+jCCBeKgAwIBAgISBAlKRxSnx7RHIkwKBKH41cweMA0GCSqGSIb3DQEBCwUA > MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD > ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMjAwMTM3MDJaFw0x > OTAzMjAwMTM3MDJaMBgxFjAUBgNVBAMTDWdyZWVuLW5yai5jb20wggIiMA0GCSqG > SIb3DQEBAQUAA4ICDwAwggIKAoICAQCi6DDW4g5Zl7plzuHn9qfPS8n+6tRDIXyH > 5yTOJ78rSJPax45AU7luMvFkBgsDQIkR8k0SMbnbhKnUm3wt/cFC/PdmwCofJKs+ > cS65pEZEZGECrbxm96A95I4xmPgJqYPkHipMWWfzo7vQKiJT/ZTPV9MnXfJIFB03 > swfE7cUnVgFPk5X1yO5QV/xhE/VqLN3/loqubTVoXqT4UfR64gyKD869gMcs0TOU > 631uwDCiP+giP52lyRApyNROiwjqoWZqO6a9tCz8YwdxpGEVpVRErzT9ErfxL5BC > NkQbBGfm3qweOzk0hLZ/inqGDQna0gD5JOajNwXc4r8+laxKcvC1tsSt6UaS7cFd > V5s7V3lgFwDpFT/Rd2a8584cTJjw+8qUjr82O866+hdiqCgUJfLQgFdLiV3PgvRy > Ef1vC6CUqnUtr2DgHg/pghol7GgQWij+ZHPe/LVIbGIYwFcU7VaisbjhZB2/jXDw > m/CABN5+4gC6/NbK6i0HzGnraLXegUq7U+U2HIdlZ7zZygKFOIdXtG6gY1k9UZ+d > hel8Ddyhvwyz8NGFyC2/87A0Yo8UoimhUhBRrJDslrKaG5rvIOXZqezmHhQaYUMG > Bd2SsToCXsKPwicRLUMGg2YL9V2c4oNdNzSqR/jyXdl2lEwpSOcqOI/jt0IvpaUN > XqxDZKrfhwIDAQABo4IDCjCCAwYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG > CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQsjvMX > Ag8GMFZEkeQQXnOhfSTOkDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86js > oTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14 > My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14 > My5sZXRzZW5jcnlwdC5vcmcvMIG/BgNVHREEgbcwgbSCDWdyZWVuLW5yai5jb22C > GHVuaXMtcG91ci1sYS1wbGFuZXRlLmNvbYIXdW5pcy1wb3VyLWxlLWNsaW1hdC5j > b22CDnZpc2lvbmR1d2ViLmZyghF3d3cuZ3JlZW4tbnJqLmNvbYIcd3d3LnVuaXMt > cG91ci1sYS1wbGFuZXRlLmNvbYIbd3d3LnVuaXMtcG91ci1sZS1jbGltYXQuY29t > ghJ3d3cudmlzaW9uZHV3ZWIuZnIwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB > BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v > cmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4 > eHAlCBcvo6odBxPTDWfJeTPwAAAEAwBHMEUCIQCvGIWQ7UI+5bOJYleH0Mq0 > vfc1n1KVr17UCigKLWG+ugIgBkvLL/9Zjw3LwDT1wUXWDoXWTgKaN3Q2mwv5iWxd > yVsAdgApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eWfJeTPqAAAE > AwBHMEUCIB1mOFfzS7CQB43SHJ54wIAh/IMa73OYPkd5bsUlIUHaAiEAn6xkJahl > P+momyiuDgdKPjQamb6W5ipqlvrbcghiIKEwDQYJKoZIhvcNAQELBQADggEBAGVH > BSBcOqI7d0pQ0wTBwg6VxTUJNfh7WmGYpqJzqgtKDoTgMwV+0Z8kSDdwBdldIsj2 > ns8v7bFqDbY3HZA2YS1QH3uPoo4B4/XzRCyYZXJ+5AE1lULvryj5isFoKEXkRhTn > e2LX/6/QYNw2TC4woXshYxGxxafH/d+MIycwHUv9xNvKCRr78RkYRXFtMGwZ+HIU > tQvgJmIae7hoOZ8zGyHyqqDgNxbtpeGADYmpuDZFxvWFlngVjBUPyYmvttdJVu3I > A2uDjIof8HZRAHcSezSMlrJTOZ5raM/YsihnQy/fZ/A2HJrLh8DXGnlzNa//e8YL > SV+8hWnOBW0yO8TDJP8= > -END CERTIFICATE- > 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 >i:/O=Digital Signature Trust Co./CN=DST Root CA X3 > -BEGIN CERTIFICATE- > MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ > MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT > DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow > SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT > GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC > AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF > q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 > SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 > Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA > a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj > /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T > AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG > CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv > bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k > c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw > VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC > ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz > MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu > Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF > AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo > uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ > wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu > X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG > PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 > KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== > -END CERTIFICATE- > --- > Server certificate > subject=/CN=green-nrj.com > issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > --- > No client certificate CA names sent
Re: Vérifier la validité d'un certificat let's encrypt
Salut la liste, > Je ne sais pas comment faire pour vérifier le certificat en ligne de > commande. Qu'entendait par la mon interlocuteur ? $ openssl s_client -connect www.visionduweb.fr:443 -showcerts CONNECTED(0003) depth=1 /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/CN=green-nrj.com i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 -BEGIN CERTIFICATE- MIIG+jCCBeKgAwIBAgISBAlKRxSnx7RHIkwKBKH41cweMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMjAwMTM3MDJaFw0x OTAzMjAwMTM3MDJaMBgxFjAUBgNVBAMTDWdyZWVuLW5yai5jb20wggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCi6DDW4g5Zl7plzuHn9qfPS8n+6tRDIXyH 5yTOJ78rSJPax45AU7luMvFkBgsDQIkR8k0SMbnbhKnUm3wt/cFC/PdmwCofJKs+ cS65pEZEZGECrbxm96A95I4xmPgJqYPkHipMWWfzo7vQKiJT/ZTPV9MnXfJIFB03 swfE7cUnVgFPk5X1yO5QV/xhE/VqLN3/loqubTVoXqT4UfR64gyKD869gMcs0TOU 631uwDCiP+giP52lyRApyNROiwjqoWZqO6a9tCz8YwdxpGEVpVRErzT9ErfxL5BC NkQbBGfm3qweOzk0hLZ/inqGDQna0gD5JOajNwXc4r8+laxKcvC1tsSt6UaS7cFd V5s7V3lgFwDpFT/Rd2a8584cTJjw+8qUjr82O866+hdiqCgUJfLQgFdLiV3PgvRy Ef1vC6CUqnUtr2DgHg/pghol7GgQWij+ZHPe/LVIbGIYwFcU7VaisbjhZB2/jXDw m/CABN5+4gC6/NbK6i0HzGnraLXegUq7U+U2HIdlZ7zZygKFOIdXtG6gY1k9UZ+d hel8Ddyhvwyz8NGFyC2/87A0Yo8UoimhUhBRrJDslrKaG5rvIOXZqezmHhQaYUMG Bd2SsToCXsKPwicRLUMGg2YL9V2c4oNdNzSqR/jyXdl2lEwpSOcqOI/jt0IvpaUN XqxDZKrfhwIDAQABo4IDCjCCAwYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQsjvMX Ag8GMFZEkeQQXnOhfSTOkDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86js oTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14 My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14 My5sZXRzZW5jcnlwdC5vcmcvMIG/BgNVHREEgbcwgbSCDWdyZWVuLW5yai5jb22C GHVuaXMtcG91ci1sYS1wbGFuZXRlLmNvbYIXdW5pcy1wb3VyLWxlLWNsaW1hdC5j b22CDnZpc2lvbmR1d2ViLmZyghF3d3cuZ3JlZW4tbnJqLmNvbYIcd3d3LnVuaXMt cG91ci1sYS1wbGFuZXRlLmNvbYIbd3d3LnVuaXMtcG91ci1sZS1jbGltYXQuY29t ghJ3d3cudmlzaW9uZHV3ZWIuZnIwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v cmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4 eHAlCBcvo6odBxPTDWfJeTPwAAAEAwBHMEUCIQCvGIWQ7UI+5bOJYleH0Mq0 vfc1n1KVr17UCigKLWG+ugIgBkvLL/9Zjw3LwDT1wUXWDoXWTgKaN3Q2mwv5iWxd yVsAdgApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eWfJeTPqAAAE AwBHMEUCIB1mOFfzS7CQB43SHJ54wIAh/IMa73OYPkd5bsUlIUHaAiEAn6xkJahl P+momyiuDgdKPjQamb6W5ipqlvrbcghiIKEwDQYJKoZIhvcNAQELBQADggEBAGVH BSBcOqI7d0pQ0wTBwg6VxTUJNfh7WmGYpqJzqgtKDoTgMwV+0Z8kSDdwBdldIsj2 ns8v7bFqDbY3HZA2YS1QH3uPoo4B4/XzRCyYZXJ+5AE1lULvryj5isFoKEXkRhTn e2LX/6/QYNw2TC4woXshYxGxxafH/d+MIycwHUv9xNvKCRr78RkYRXFtMGwZ+HIU tQvgJmIae7hoOZ8zGyHyqqDgNxbtpeGADYmpuDZFxvWFlngVjBUPyYmvttdJVu3I A2uDjIof8HZRAHcSezSMlrJTOZ5raM/YsihnQy/fZ/A2HJrLh8DXGnlzNa//e8YL SV+8hWnOBW0yO8TDJP8= -END CERTIFICATE- 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 -BEGIN CERTIFICATE- MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== -END CERTIFICATE- --- Server certificate subject=/CN=green-nrj.com issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent --- SSL handshake has read 4690 bytes and written 712 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure
Vérifier la validité d'un certificat let's encrypt
J'ai découvert cette commande avec cURL qui permet de ping un fichier PHP derrière une protection .htpasswd : curl -u USER:PASSWORD --silent --compressed https://www.example.com/script.php Dans le premier exemple que j'ai partagé sur le chat Développez, le lien était de la forme http:// J'ai demandé si il y avait un risque de capture des accès, en utilisant cette commande. On m'a fait remarquer que le domaine était en http:// ce à quoi j'ai répondu que effectivement le domaine était en https:// On m'a alors conseillé de vérifier, à chaque fois, le certificat. Je ne sais pas comment faire pour vérifier le certificat en ligne de commande. Qu'entendait par la mon interlocuteur ? Je sais vérifier si il est valide et le renouveler mais je suppose qu'il y a une autre commande à utiliser, pour vérifier que le site distant soit bien celui vers lequel on souhaite communiquer et envoyer la requête curl -u USER:PASSWORD pour exécuter le script PHP distant. Bernard m'a conseillé de demander à Philippe Gras. Je poste ma demande directement sur la liste debian user french. J'ai utilisé des outils en ligne pour vérifier le SSL de mon site https://www.unis-pour-le-climat.com et, j'obtiens la note B. Sur un tutoriel, j'ai vu qu'il devrait être possible d'obtenir un A / A+ Je ne sais pas si ma configuration est adéquate à l'heure actuelle. La méthode de création du certificat : https://www.visionduweb.eu/wiki/index.php?title=Certificats_SSL_TLS_Letsencrypt#webroot Le VirtualHost utilisé : https://www.visionduweb.eu/wiki/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#Configuration_de_l.27.C3.A9coute_du_port_SSL_443_3