Ao usar o certificado raiz pessoal do Kaspersky Anti-Virus, você pode visualizar o certificado do site?

2

O uso do Certificado Raiz Pessoal do Kaspersky Anti-Virus com o Firefox é discutido neste post, Qual certificado emitido pela CA para https://www.google.com .

A minha pergunta é (diferente de google.com) é possível ver o certificado SSL para o site em si?
Não quero desabilitar essa função, mas, até onde posso dizer, você só pode ver o Certificado do Kaspersky Root.

    
por user3169 13.02.2016 / 01:06

1 resposta

2

When using Kaspersky Anti-Virus Personal Root Certificate, can you view the website's certificate?
... is it possible to view the SSL certificate for the website itself?

Você deve conseguir, mas precisa fazê-lo fora do navegador. Por exemplo, aqui está o Google usando o s_client :

do OpenSSL
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout

...
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3497310530607939837 (0x3088f165e61e80fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Validity
            Not Before: Feb 11 11:17:05 2016 GMT
            Not After : May 11 00:00:00 2016 GMT
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d4:90:20:6e:c9:e9:f7:1b:ce:57:59:b3:ee:45:
                    13:e1:e0:d1:7d:68:b2:05:69:c0:e1:0d:77:2c:89:
                    10:ea:b4:0a:d9:d5:5b:8d:a9:ac:9a:98:2b:b6:33:
                    1d:ba:53:8b:e0:1a:df:d9:01:fe:83:24:3f:6d:af:
                    0a:4b:c5:e0:de:75:7e:76:81:19:e0:c4:a8:ae:1f:
                    09:21:40:31:43:a7:52:d7:53:9c:f2:69:cc:2f:78:
                    ef:39:d8:ad:d4:b2:4b:7d:8c:c5:70:8b:90:c7:48:
                    f9:57:c2:69:85:b9:ba:4b:cb:17:f4:b1:1a:a9:e6:
                    50:60:ca:78:5a:7a:16:91:44:a9:56:4e:59:0f:93:
                    0d:23:a1:53:3c:5b:47:38:9d:76:ff:f7:b2:c2:ce:
                    fd:09:d7:49:48:5e:39:fb:71:e8:b8:90:59:44:ed:
                    85:14:15:a1:4b:67:a7:66:40:3b:04:58:0a:6c:06:
                    aa:df:71:f2:02:74:82:14:ad:4c:98:5a:09:53:82:
                    1e:40:2b:36:78:7e:31:8e:36:20:c5:c8:59:9a:dd:
                    8b:8e:24:2b:9e:8d:4f:94:d6:6b:0d:a2:7e:5e:a4:
                    7d:14:ac:c0:8a:17:5c:7a:c8:00:46:9c:24:75:50:
                    a5:be:ec:51:d1:60:99:2f:6d:94:17:77:ce:63:09:
                    01:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:www.google.com
            Authority Information Access: 
                CA Issuers - URI:http://pki.google.com/GIAG2.crt
                OCSP - URI:http://clients1.google.com/ocsp

            X509v3 Subject Key Identifier: 
                4F:C7:02:93:EC:46:43:9C:34:43:03:3E:CB:18:CB:4E:7A:B4:0E:DE
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F

            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.11129.2.5.1
                Policy: 2.23.140.1.2.2

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.google.com/GIAG2.crl

    Signature Algorithm: sha256WithRSAEncryption
         19:5a:93:63:e9:3b:8a:f2:80:01:70:a9:02:8a:51:84:23:3b:
         94:77:9b:4a:e1:38:d4:a1:8c:51:1d:67:79:a1:03:b5:1f:0d:
         c7:77:d8:52:64:92:55:77:c0:d9:0e:1c:6a:ff:f2:a9:56:04:
         66:90:66:ca:e1:21:4a:45:cd:06:09:64:23:58:75:3f:84:23:
         7b:d1:c9:bb:d8:b2:d0:4f:f2:4a:09:9d:6e:cf:14:2a:8b:8e:
         52:f7:a6:8b:16:14:bc:13:71:e7:b0:50:e8:a0:04:c0:c7:c6:
         89:13:67:19:a0:41:da:99:83:48:bb:ed:e3:f5:b4:29:bf:bc:
         2b:95:2c:3b:54:ca:cf:5a:df:00:51:47:2d:cd:5a:7d:fb:e0:
         15:bf:34:9e:a0:8b:ff:ba:80:57:e0:d3:c5:71:12:df:48:49:
         98:13:d1:95:ef:68:b4:f4:50:77:0e:51:3e:98:e5:8f:31:57:
         a4:6a:8f:73:0b:9d:b4:ec:db:4d:04:c2:6a:ad:ec:5c:ac:02:
         3a:0a:c1:96:f3:2a:53:02:f3:7a:19:94:17:80:ff:0f:4e:5d:
         19:f4:b9:18:ba:89:dd:62:5d:01:39:da:4a:28:f8:32:39:84:
         69:ef:5d:3b:5c:d0:9d:38:10:30:93:7b:2c:ee:0b:a2:9f:e5:
         17:0c:cf:81

Você pode limpar o erro verify error: num = 20: não foi possível obter o certificado de emissor local usando a opção -CAfile :

$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com -CAfile GeoTrust-Root.pem
    
por 17.02.2016 / 13:54