2018-05-17T17:33:54
GwenDragonAh, also Zertifikate?
Ja. Habe ich mich falsch ausgedrückt?
2018-05-17T17:33:54
GwenDragonWenn dann oben drin steht sowas wie
-----BEGIN CERTIFICATE-----
...
(einige BASE64-kodierte Zeilen)
...
-----END CERTIFICATE-----
drin ist.
Ja das steht drin aber die Zeilen sind nicht 64 Zeichen lang sondern 76 Zeichen.
Ist das OK oder vlt. der Grund für die Apache Meldung?
2018-05-17T17:33:54
GwenDragonOder zusätzlich
-----BEGIN CERTIFICATE REQUEST-----
...
...
Nein, das ist eine andere Datei.
2018-05-17T17:33:54
GwenDragon-----BEGIN PRIVATE KEY-----
Ja, das ist die key Datei und darin sind die Zeilen auch wie erwartet 64 Zeichen.
2018-05-17T17:33:54
GwenDragonWenn du schauen willst was da im Zert definiert ist:
openssl x509 -in Zertifikatsdatei -text -noout
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fa:a0:84:13:9f:ec:81:32:91:d7:a9:2b:aa:62:bd:d9:78:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Fake LE Intermediate X1
Validity
Not Before: May 17 07:06:06 2018 GMT
Not After : Aug 15 07:06:06 2018 GMT
Subject: CN=meine.domain.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d8:a4:6f:00:41:04:b4:74:29:b2:ee:d5:49:e8:
4c:42:67:13:07:2e:95:84:de:af:d0:0b:ce:b4:95:
03:ec:82:b8:f0:c9:68:ef:5b:61:6c:de:38:8b:63:
.
.
.
91:44:b0:e5:cd:b7:8d:ee:b3:9f:d3:15:c1:5e:de:
3a:f4:44:25:2f:f3:ff:70:db:70:aa:4c:ee:ce:67:
25:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A3:FD:D1:67:33:19:B2:62:68:C2:26:BC:51:8C:D7:20:50:97:A9:F4
X509v3 Authority Key Identifier:
keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A
Authority Information Access:
OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org
CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:meine.domain.net
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : B0:CC:83:E5:A5:F9:7D:6B:AF:7C:09:CC:28:49:04:87:
2A:C7:E8:8B:13:2C:63:50:B7:C6:FD:26:E1:6C:6C:77
Timestamp : May 17 08:06:06.370 2018 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:27:C7:BC:B5:25:EE:65:66:E0:34:5F:61:
7B:6C:06:FF:BC:80:55:AF:CE:90:7B:5D:A1:44:2A:71:
95:F8:48:17:02:21:00:97:DA:C0:53:45:0A:B4:13:EE:
B7:E7:E6:02:0F:6B:98:96:11:67:D4:36:C9:3A:8F:B8:
A8:C1:A7:9A:C7:85:00
Signed Certificate Timestamp:
Version : v1(0)
Log ID : DD:99:34:FC:A5:E7:24:80:C9:56:68:7D:81:34:99:08:
49:B2:49:F7:B5:69:D8:C7:BC:AB:3F:5C:C1:F3:6E:64
Timestamp : May 17 08:06:08.274 2018 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:18:02:ED:C6:C0:78:76:69:7D:B5:D6:FD:
FC:BA:56:52:01:CC:FE:C6:09:E8:6F:1A:2C:69:0E:80:
6F:FE:02:55:02:21:00:FF:62:4D:48:E6:6C:A1:37:8D:
C0:2F:C3:04:8A:25:8D:00:18:F8:97:A8:FA:F4:3F:E4:
04:56:A5:8F:0D:D1:AD
Signature Algorithm: sha256WithRSAEncryption
c7:ba:99:03:df:82:f2:88:5c:4e:8a:12:e5:25:b6:36:51:30:
ff:7f:34:cd:b0:48:34:f8:14:56:cc:9a:f1:98:63:df:68:29:
.
.
.
35:fa:72:45:77:5d:3a:9b:81:57:aa:3d:f5:65:b1:5c:37:d0:
4e:ef:5a:b4:04:bd:d7:35:5e:9a:2b:47:32:a2:27:e5:7d:8d:
74:93:11:ab
Ist gekürzt und die Domain escapet.
Ist das OK?
10 print "Hallo"
20 goto 10