从我的 AWS 账户中的域获取证书,证书由 AWS ACM 颁发:
aws acm get-certificate --certificate-arn arn:aws:acm:us-east-1:...:certificate/... --query CertificateChain | jq . -r > ca.pem
该文件中有 3 个项目。我想获取该文件中每个项目的发行者和主题。我在网上找到了以下内容,它工作正常:
$ openssl crl2pkcs7 -nocrl -certfile ca.pem | openssl pkcs7 -print_certs -noout
subject=C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
issuer=C = US, O = Amazon, CN = Amazon Root CA 1
subject=C = US, O = Amazon, CN = Amazon Root CA 1
issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
issuer=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
不过实话说?除非您每天都使用这些东西,否则无法记住这一点。当然有更简单的东西吗?Ubuntu 上可用的另一个命令,或者 Python 或 Go 中的库,或者其他什么?任何使基本证书管理比 openssl 更简单的东西都将不胜感激。