
[MQTT] 5. Checking the certificate (only needed when a problem occurs)

IT 기술자 2025. 2. 14. 11:00

View the server certificate

openssl s_client -connect [mqtt server ip/domain]:8883

 

Result

CONNECTED(00000138)
Can't use SSL_get_servername
depth=1 C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
verify return:1
depth=0 C = KR, ST = seoul, O = korea_company, OU = lab, CN = 192.168.99.225, emailAddress = xxxx@korea.com
verify return:1
---
Certificate chain
 0 s:C = KR, ST = seoul, O = korea_company, OU = lab, CN = 192.168.99.225, emailAddress = xxxx@korea.com
   i:C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
 1 s:C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
   i:C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
---
Server certificate
subject=C = KR, ST = seoul, O = korea_company, OU = lab, CN = 192.168.99.225, emailAddress = xxxx@korea.com

issuer=C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com

---
No client certificate CA names sent
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2506 bytes and written 403 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self signed certificate in certificate chain)
---
read:errno=10054

 

Verify the generated certificate

openssl verify -CAfile ca.crt server.crt

 

Result

server.crt: OK
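
Verify error 19 in the s_client output above means the server sent a chain ending in a self-signed root that the client was not told to trust, while `openssl verify -CAfile ca.crt server.crt` succeeds because it names that root as the trust anchor. The following added example (not from the original post) reproduces both outcomes offline with a constructed throwaway CA; the names lab-ca, lab.cnf and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Constructed lab PKI (throwaway CA + server cert); all names here are assumptions.
make_lab_pki() {
    dir=$1
    cat > "$dir/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = lab-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed CA, then a server key + CSR, then the CA signs the CSR.
    openssl req -x509 -config "$dir/lab.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -config "$dir/lab.cnf" -subj "/CN=192.0.2.10" -newkey rsa:2048 \
        -nodes -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/server.crt" 2>/dev/null
}

# Numeric error code reported by `openssl verify` (0 when the chain verifies).
verify_code() {
    code=$(openssl verify "$@" 2>&1 |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${code:-0}"
}

# The root is presented in the chain but is not a trust anchor:
# the same situation as the s_client run without a CA file.
code_untrusted_root() {
    verify_code -no-CAfile -no-CApath -untrusted "$1/ca.crt" "$1/server.crt"
}

# The lab CA is named as the trust anchor, as in the verify command above.
code_trusted_root() {
    verify_code -CAfile "$1/ca.crt" "$1/server.crt"
}

LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
make_lab_pki "$LAB" || { echo "openssl failed to build the lab PKI" >&2; exit 1; }
echo "root not trusted : verify code $(code_untrusted_root "$LAB")"
echo "with -CAfile     : verify code $(code_trusted_root "$LAB")"
```

The same trust anchor can be given to the connection test at the top of the page with `-CAfile ca.crt`; a correctly issued chain then ends with `Verify return code: 0 (ok)`.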

 

View the certificate contents

openssl x509 -in ca.crt -text -noout

 

Result

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:56:e5:11:b1:16:46:8d:d8:fb:70:bd:41:d2:84:9e:3f:43:b5:31
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
        Validity
            Not Before: Aug 26 01:06:12 2022 GMT
            Not After : Aug 26 01:06:12 2027 GMT
        Subject: C = KR, ST = seoul, O = korea_company, OU = lab, CN = dbserver, emailAddress = xxxx@korea.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:6E:20:10:D2:C9:DB:CE:AE:70:D3:EF:98:BD:BC:9F:AF:0A:EB:91
            X509v3 Authority Key Identifier:
                keyid:04:6E:20:10:D2:C9:DB:CE:AE:70:D3:EF:98:BD:BC:9F:AF:0A:EB:91

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption