【证书】
关于epp连接时的SSL证书,他提到是的:用于EPP连接的证书的commonname必须同在注册局登记的一致才可以,也就是证书的域名。比如COM的注册局要求这些。这个证书既可以用来做网站站点证书,也用来和注册局连接。有些注册局会要求申请时提交指定域名,在注册局登记的域名和证书域名要一致。这个域名是可以找注册局改的。目前afilias没有要我提交域名。
这样就好理解了。之前epp连接成功的证书,对应的域名并未在afilias那边备案。仅仅是证书类型列于afilias列出的满足要求的SSL证书列表当中。
参考:https://www.info.info/registrars/registrar-toolkit
【代码】
参考:https://stackoverflow.com/questions/13696779/connecting-to-epp-server-from-local-system
参考:https://stackoverflow.com/questions/8973880/connect-to-epp-server-with-php-using-ssl
<?php $epp_server = 'ote-console.centralnic.com'; $port = 700; $verify_peer = 0; //$epp_server = 'epp.ispapi.net'; $port = 1700; $verify_peer = 0; //$epp_server = 'epp.test.norid.no'; $port = 700; $verify_peer = 0; //$epp_server = 'epp-test.rotld.ro'; $port = 5555; $verify_peer = 0; // SSLv3 $opts = array( 'ssl' => array( 'verify_peer' => $verify_peer, 'cafile' => "/CAfiles/gd_bundle.crt", 'local_cert' => "/certs/certificate.cer", 'passphrase' => 'YourCertificatePasswordHere' ) ); $context = stream_context_create($opts); // TLSv1 $fp = stream_socket_client( "tls://$epp_server:$port", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $context); // SSLv3 //$fp = stream_socket_client( "sslv3://$epp_server:$port", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $context); if (!$fp) { echo "$errstr ($errno)<br />\n"; } else { fwrite($fp, "GET / HTTP/1.0\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"); while (!feof($fp)) { echo fgets($fp, 1024); } fclose($fp); } ?>
【测试:epp-ote.centralnic.com:700】
输入:
openssl s_client -connect epp-ote.centralnic.com:700
输出:
CONNECTED(00000003) depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA verify return:1 depth=0 OU = Domain Control Validated, OU = COMODO SSL, CN = epp-ote.centralnic.com verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=COMODO SSL/CN=epp-ote.centralnic.com i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIFZjCCBE6gAwIBAgIRALXrugDQuBH6NrW6bM0Ut8UwDQYJKoZIhvcNAQELBQAw gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg Q0EwHhcNMTcxMDI3MDAwMDAwWhcNMjAwMTA0MjM1OTU5WjBZMSEwHwYDVQQLExhE b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEzARBgNVBAsTCkNPTU9ETyBTU0wxHzAd BgNVBAMTFmVwcC1vdGUuY2VudHJhbG5pYy5jb20wggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDQLl9m5cLH9ri4PVVDt7eiU3Hh7IifYqHaUec3TqHPDvqG mcnTu9T3MDREvETVmOHGPOgUpzbwu1R4hcP0/ZieRB5TAODODWH/9fr47qlKx2xA JzL1JzvuH/F2NgyV/SjaCGMOCvxb7gL/28amwxDL2lfzrAUS4QTTwsQNlrAdNBWG wsnzfm5uuwQggeFdpjwVDTDWsRjN9/PrskhPZveY3RO0I/nd2oAlJSk+l6Tlz2C9 jDjACUk9HoNRvvQZ0qzWo0CNbzx1T7afpKG1o/LFoAnEZtL6vAYIXgSNCAb3wFGt qqnAg6+AYfrBYw53Aa1bml7yuaI6P8UOoDwO3rHBAgMBAAGjggHvMIIB6zAfBgNV HSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUoBMW4SFtYs6j 7lkXK7k3YwdG+3EwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQEC AgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw CAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2Eu Y29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww gYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9j YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMD0GA1UdEQQ2 MDSCFmVwcC1vdGUuY2VudHJhbG5pYy5jb22CGnd3dy5lcHAtb3RlLmNlbnRyYWxu aWMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAKWSI8Qsm8RnUH+mRmSmw/0Y0q/L3T 361/csqpGoM6YnBNHlcfUsUYrgHY+ISLjsrjZ9/6iAKfb6hBu15s8ydNhC3lTj98 ViaAMtcoMJSdRitwM1jfrpeuMa9dGarnCZhgX6UXaGYJKEKU7B519hTfhnTFvL1t QW/2E2XJohfPPEQu+IucIC6Uw9RGQbhYGSp7mdPVg3n6X412lGOf0iLfBM2QzCUX KIZ/2MeU01f22vKTebIOSktw+Wdx+qDe5TvKlJoFvc/TEjwDWuw2Yh2oss2vN0e7 w+ls10xQj/NCbFT4x8/NeKNQvC590nra1NEy78so3ojcj9kIgGvR29Z0 -----END CERTIFICATE----- subject=/OU=Domain Control Validated/OU=COMODO SSL/CN=epp-ote.centralnic.com issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA --- Acceptable client certificate CA names /C=CN/O=CNNIC/CN=CNNIC ROOT /C=FR/O=Dhimyotis/CN=Certigna /O=TeliaSonera/CN=TeliaSonera Root CA v1 /C=ES/O=IZENPE S.A./CN=Izenpe.com /C=FI/O=Sonera/CN=Sonera Class2 CA /O=RSA Security Inc/OU=RSA Security 2048 V3 /C=RO/O=certSIGN/OU=certSIGN ROOT CA /O=Cybertrust, Inc/CN=Cybertrust Global Root /CN=ComSign Secured CA/O=ComSign/C=IL /CN=Atos TrustedRoot 2011/O=Atos/C=DE /C=FR/O=Certplus/CN=Class 2 Primary CA /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA /C=TW/O=Government Root Certification Authority /O=Digital Signature Trust Co./CN=DST Root CA X3 /C=US/O=AffirmTrust/CN=AffirmTrust Premium /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES /C=DK/O=TDC Internet/OU=TDC Internet Root CA /C=JP/O=Japanese Government/OU=ApplicationCA /C=US/O=AffirmTrust/CN=AffirmTrust Commercial /C=US/O=AffirmTrust/CN=AffirmTrust Networking /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 /CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA /C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2 /C=US/O=SecureTrust Corporation/CN=SecureTrust CA /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig /C=US/O=SecureTrust Corporation/CN=Secure Global CA /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1 /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1 /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009 /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA /C=US/O=Equifax/OU=Equifax Secure Certificate Authority /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009 /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R1 /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2 /C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2 /C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1 /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11 /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2 /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6 /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 /[email protected]/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority /C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1 /C=US/O=America Online Inc./CN=America Online Root Certification Authority 2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1 /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 2 /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root EV CA 2 /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root /C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA Generalitat Valenciana /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA /C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 /C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA /C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root CA/[email protected] /C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA I /C=CO/O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A./CN=AC Ra\xC3\xADz Certic\xC3\xA1mara S.A. /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services /CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2 /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3 /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/[email protected] /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 /C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2 /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/[email protected] /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority /C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority /C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA /C=CN/O=China Internet Network Information Center/CN=China Internet Network Information Center EV Certificates Root /C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03 /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC /C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2 /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2 /C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3 /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado /C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 /C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority /C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy Validation Authority/CN=http://www.valicert.com//[email protected] /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//[email protected] /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//[email protected] /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005 /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/[email protected] /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected] /[email protected]/L=Chacao/ST=Miranda/OU=Proveedor de Certificados PROCERT/O=Sistema Nacional de Certificacion Electronica/C=VE/CN=PSCProcert /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC /C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3 Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 24065 bytes and written 427 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 62529831470B8FD40179DDC647ACC9FF425F3A07CF1CC3A918857C8635DB2E6A Session-ID-ctx: Master-Key: CBFBE5E9CD32528E2C8DBCBC541643AA0336B4AEB3C2EF00FFB09A79D13AADFD7DEBD8C944B6690ABCB68E721AEAF418 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 3e c8 4b cd 0a 0c 93 d3-b3 8b 3e 74 24 89 76 a1 >.K.......>t$.v. 0010 - 25 b3 71 a5 bd 29 7c 5f-2b da 66 c2 2a 7c cd 15 %.q..)|_+.f.*|.. 0020 - be 74 aa f0 ab 23 b6 2f-29 4f b5 18 e4 41 63 e5 .t...#./)O...Ac. 0030 - 4d fe 66 1a fc 31 01 31-e0 93 b8 d3 dd 37 ca 54 M.f..1.1.....7.T 0040 - d7 81 e0 9a 90 18 be e3-bb 51 be a9 79 4e c9 29 .........Q..yN.) 0050 - 1a 06 12 18 62 f1 81 97-3b 67 e5 18 48 ef 8e d0 ....b...;g..H... 0060 - fb e3 66 cf c6 0a d3 e9-ee 74 5f 36 1a b3 f5 53 ..f......t_6...S 0070 - a6 05 5c 24 af 1c 44 f9-83 1b 05 6e 8b ab 64 2a ..\$..D....n..d* 0080 - 64 61 f9 47 bc 72 92 31-08 76 49 eb a4 9f 3a 36 da.G.r.1.vI...:6 0090 - f3 e8 2e 22 da 2c 44 4b-bf d5 e9 fb 3c c5 8c 7c ...".,DK....<..| 00a0 - 62 27 7b 6f fc 23 f5 48-c5 f7 04 03 20 5f 6c 44 b'{o.#.H.... _lD 00b0 - e5 f4 ae 19 28 a6 b5 67-df 46 20 16 85 62 f4 1d ....(..g.F ..b.. Start Time: 1534496139 Timeout : 300 (sec) Verify return code: 0 (ok) --- ▒<?xml version="1.0" encoding="UTF-8" standalone="no"?><epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><greeting><svID>CentralNic EPP server EPP-OTE.CENTRALNIC.COM</svID><svDate>2018-08-17T08:55:39.0Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:contact-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI><extURI>urn:ietf:params:xml:ns:idn-1.0</extURI><extURI>urn:ietf:params:xml:ns:fee-0.4</extURI><extURI>urn:ietf:params:xml:ns:fee-0.5</extURI><extURI>urn:ietf:params:xml:ns:launch-1.0</extURI><extURI>urn:ietf:params:xml:ns:regtype-0.1</extURI><extURI>urn:ietf:params:xml:ns:auxcontact-0.1</extURI><extURI>urn:ietf:params:xml:ns:artRecord-0.1</extURI><extURI>http://www.nic.coop/contactCoopExt-1.0</extURI></svcExtension></svcMenu><dcp><access><all></all></access><statement><purpose><admin></admin><prov></prov></purpose><recipient><ours></ours><public></public></recipient><retention><stated></stated></retention></statement></dcp></greeting></epp>
【测试:epp.whois.ai:700】
输入:
openssl s_client -connect epp.whois.ai:700
输出:
CONNECTED(00000003) depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA verify return:1 depth=1 C = US, O = "thawte, Inc.", OU = Domain Validated SSL, CN = thawte DV SSL CA - G2 verify return:1 depth=0 CN = epp.whois.ai verify return:1 --- Certificate chain 0 s:/CN=epp.whois.ai i:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2 1 s:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2 i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIGbDCCBVSgAwIBAgIQEnysMVX0lo0MVBZPV8k9sjANBgkqhkiG9w0BAQsFADBj MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE b21haW4gVmFsaWRhdGVkIFNTTDEeMBwGA1UEAxMVdGhhd3RlIERWIFNTTCBDQSAt IEcyMB4XDTE3MDMyNDAwMDAwMFoXDTIwMDMyMzIzNTk1OVowFzEVMBMGA1UEAwwM ZXBwLndob2lzLmFpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme4P rb6IbjTgPH/05aWMz43m/Xx+huRservQmOEQ7cz/hd1UTpZHvH7SvTMPSQTsANRE JdlqObW8pI3qwa2e1dwZdmLTwkiWF8fq5X+o4K+hrXCe50e9bRdT6/I7kTwVVnjH 0fhBEJMvO890Y7QQ2nPIxP0gjvv4ybJ1rQwI8gf50l1AZ/o/Mrb0zsykdBwLmJZW WVktVNI4II0mdpTwuydn9BobnAE/IsWyChJVO3HT+EMu+KpekCaqkKO5WL5GsTAn Jko2GcHFB+TaNmQ8o0+7tIgXd/mvYkIPxlfMrbxLaheyQykkeE2nJkdSEVYC9nDv X8dN/PCqcjV3vGOggwIDAQABo4IDZjCCA2IwFwYDVR0RBBAwDoIMZXBwLndob2lz LmFpMAkGA1UdEwQCMAAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3RuLnN5bWNi LmNvbS90bi5jcmwwbgYDVR0gBGcwZTBjBgZngQwBAgEwWTAmBggrBgEFBQcCARYa aHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6 Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MB8GA1UdIwQYMBaAFJ+4wals8vXA IiqU7VyZrNTs18YHMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD AQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8v dG4uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdG4uc3ltY2IuY29tL3Ru LmNydDCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHeAHUA3esdK3oNT6Ygi4GtgWhw fi6OnQHVXIiNPRHEzbbsvswAAAFbAFmghQAABAMARjBEAiBjU6XrUrBick0rFM3M Ij1igfeXezeFqnSSMxbfwogg6wIgFmhhaaX/ieut8fZvPFgRH4JOkhysIgAkL470 oaR2+L4AdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVsAWaDC AAAEAwBHMEUCID9a8ntBsgM5nCWkKT/Mz0d5aM65Bq5Le1nwkr4XABCNAiEAvzcP qb/cuwrdivZW+23DdSzss7jbriA/PpUTbIVNk5cAdQDuS723dc5guuFCaR+r4Z5m ow9+X7By2IMAxHuJeqj9ywAAAVsAWaJ/AAAEAwBGMEQCIQDsd/8sspv64QJs+/LD v2GzvThCjPgWybe8EVy5vgAauQIfYWkXWAl5LyNibTTSl2nW/TZWD/xyHjODUgJ8 y9kPLQB2ALx44d/F9jxoRkkzTaEPoV8JeWkgCcCBtPP2kX8+2bilAAABWwBZoeUA AAQDAEcwRQIgfs6+I16mxLPQP+a0IXncdxFwHNnWahmLlv5Z7wIzkL8CIQDV8TTT r+Sm11Xv5jSNihRKeu+n+JMIskUhw9GvI5RhDDANBgkqhkiG9w0BAQsFAAOCAQEA Qc2q2D6HurGj4isTwh1fRMQeqIEqRDv8jD6oS62+DF5wADif+nhalFmb2SR+xYJa yM7/rlS307T6H/YlAgMTqP9Ew2VFX73K2A6Ie45ACAN3RS4pwmZ+4Pi6p7PrERnQ ytYf1phZRbE8ly0ZXs1lMfJUleiIWfKPm5539DljNoMQDhp12lde+Zi75q5vjDFN PwEPp6JcrguWSe9zF3HjcGgITmAUTgdE2U2THSknklJmGuTl3domFoIMZah3z3i9 Znp+fiLnyXDpzWtkLgPQdkj+XRDisO3t+WtCcsAu3PmYxPbmTpLiPeUCxfOPbUyy eihlqt4RXwAlesfohy4L/g== -----END CERTIFICATE----- subject=/CN=epp.whois.ai issuer=/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4436 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5B768D2FCD122E8BF1ED307E0829534ADD053622C075E5DC099E9ED95A465AD3 Session-ID-ctx: Master-Key: AE32C56BF15A2D98AB2E9EA69FDBC1BA8932C81DBF3F0A10E88B61E665DCB7610EC1231B42C66D76088AD83EC2669FDA Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1534496047 Timeout : 300 (sec) Verify return code: 0 (ok) --- ▒<?xml version="1.0" encoding="UTF-8"?><epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>CoCCA EPP Server - epp.cocca.iors.cx</svID><svDate>2018-08-17T08:54:07.780Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:contact-1.0</objURI><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>urn:ietf:params:xml:ns:auxcontact-0.1</extURI><extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI><extURI>urn:ietf:params:xml:ns:fee-1.0</extURI><extURI>https://production.coccaregistry.net/cocca-activation-1.0</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><prov/></purpose><recipient><ours/><public/></recipient><retention><stated/></retention></statement></dcp></greeting></epp>