OpenSSL - qual certificado é o certificado de CA?

1

Estou tentando baixar um certificado de CA para usar junto com meu programa PHP cURL, para que eu possa verificar o servidor localmente. Estou usando o seguinte comando, mas recebo uma lista de muitos certificados e não consigo descobrir qual é o certo.

openssl s_client -connect maps.google.com:443 -showcerts

A saída que recebo deste comando está aqui:

CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
-----BEGIN CERTIFICATE-----
MIIgVDCCHzygAwIBAgIILAlPBKryu1UwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYxMDI2MDk1NTAwWhcNMTcwMTE4MDk1NTAw
WjBkMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzETMBEGA1UEAwwKZ29v
Z2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1a3MhaJK1X
M/GUPIgXcmk4EIBaGQ7yxEJ+tPcKBk9ezIII2Ey91EEF61inpGBQmOJnJKVTbdHp
5ATMv7mA2y+WunhjR5hYTLj+1rCHe3UzJEG9KWCUNFS4DNq4k0RtK9HNUaLVk4RR
j5xzKcdnqHZ2STEGnLvKNBvjPm+wvGdU7MffsNNDNJczlCHEOthGZzSrfMmOI/Ep
BfC7Y4Ffd0tSX8cb4CjoTdH8KRYj+iHhvFYUWWz2haZPCoxhmQcl7PV/m0/6UZ5V
gscD2EqRQe4rLndlWA0FNWN3xE9vsK5TbEI4vUBEqZ54NBUFlKoNtaC12CTLhlXT
Yjr90c16Z9kCAwEAAaOCHSMwgh0fMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjCCG+8GA1UdEQSCG+Ywghviggpnb29nbGUuY29tggoqLjJtZG4ubmV0gg0q
LmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghQqLmF1LmRvdWJs
ZWNsaWNrLm5ldIILKi5jYy1kdC5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIUKi5k
ZS5kb3VibGVjbGljay5uZXSCESouZG91YmxlY2xpY2suY29tghEqLmRvdWJsZWNs
aWNrLm5ldIIVKi5mbHMuZG91YmxlY2xpY2submV0ghQqLmZyLmRvdWJsZWNsaWNr
Lm5ldIIWKi5nb29nbGUtYW5hbHl0aWNzLmNvbYILKi5nb29nbGUuYWOCCyouZ29v
Z2xlLmFkggsqLmdvb2dsZS5hZYILKi5nb29nbGUuYWaCCyouZ29vZ2xlLmFnggsq
Lmdvb2dsZS5hbIILKi5nb29nbGUuYW2CCyouZ29vZ2xlLmFzggsqLmdvb2dsZS5h
dIILKi5nb29nbGUuYXqCCyouZ29vZ2xlLmJhggsqLmdvb2dsZS5iZYILKi5nb29n
bGUuYmaCCyouZ29vZ2xlLmJnggsqLmdvb2dsZS5iaYILKi5nb29nbGUuYmqCCyou
Z29vZ2xlLmJzggsqLmdvb2dsZS5idIILKi5nb29nbGUuYnmCCyouZ29vZ2xlLmNh
ggwqLmdvb2dsZS5jYXSCCyouZ29vZ2xlLmNjggsqLmdvb2dsZS5jZIILKi5nb29n
bGUuY2aCCyouZ29vZ2xlLmNnggsqLmdvb2dsZS5jaIILKi5nb29nbGUuY2mCCyou
Z29vZ2xlLmNsggsqLmdvb2dsZS5jbYILKi5nb29nbGUuY26CDiouZ29vZ2xlLmNv
LmFvgg4qLmdvb2dsZS5jby5id4IOKi5nb29nbGUuY28uY2uCDiouZ29vZ2xlLmNv
LmNygg4qLmdvb2dsZS5jby5odYIOKi5nb29nbGUuY28uaWSCDiouZ29vZ2xlLmNv
Lmlsgg4qLmdvb2dsZS5jby5pbYIOKi5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNv
Lmplgg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28ua2WCDiouZ29vZ2xlLmNv
Lmtygg4qLmdvb2dsZS5jby5sc4IOKi5nb29nbGUuY28ubWGCDiouZ29vZ2xlLmNv
Lm16gg4qLmdvb2dsZS5jby5ueoIOKi5nb29nbGUuY28udGiCDiouZ29vZ2xlLmNv
LnR6gg4qLmdvb2dsZS5jby51Z4IOKi5nb29nbGUuY28udWuCDiouZ29vZ2xlLmNv
LnV6gg4qLmdvb2dsZS5jby52ZYIOKi5nb29nbGUuY28udmmCDiouZ29vZ2xlLmNv
Lnphgg4qLmdvb2dsZS5jby56bYIOKi5nb29nbGUuY28ueneCDCouZ29vZ2xlLmNv
bYIPKi5nb29nbGUuY29tLmFmgg8qLmdvb2dsZS5jb20uYWeCDyouZ29vZ2xlLmNv
bS5haYIPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xl
LmNvbS5iZIIPKi5nb29nbGUuY29tLmJogg8qLmdvb2dsZS5jb20uYm6CDyouZ29v
Z2xlLmNvbS5ib4IPKi5nb29nbGUuY29tLmJygg8qLmdvb2dsZS5jb20uYnmCDyou
Z29vZ2xlLmNvbS5ieoIPKi5nb29nbGUuY29tLmNugg8qLmdvb2dsZS5jb20uY2+C
DyouZ29vZ2xlLmNvbS5jdYIPKi5nb29nbGUuY29tLmN5gg8qLmdvb2dsZS5jb20u
ZG+CDyouZ29vZ2xlLmNvbS5lY4IPKi5nb29nbGUuY29tLmVngg8qLmdvb2dsZS5j
b20uZXSCDyouZ29vZ2xlLmNvbS5maoIPKi5nb29nbGUuY29tLmdlgg8qLmdvb2ds
ZS5jb20uZ2iCDyouZ29vZ2xlLmNvbS5naYIPKi5nb29nbGUuY29tLmdygg8qLmdv
b2dsZS5jb20uZ3SCDyouZ29vZ2xlLmNvbS5oa4IPKi5nb29nbGUuY29tLmlxgg8q
Lmdvb2dsZS5jb20uam2CDyouZ29vZ2xlLmNvbS5qb4IPKi5nb29nbGUuY29tLmto
gg8qLmdvb2dsZS5jb20ua3eCDyouZ29vZ2xlLmNvbS5sYoIPKi5nb29nbGUuY29t
Lmx5gg8qLmdvb2dsZS5jb20ubW2CDyouZ29vZ2xlLmNvbS5tdIIPKi5nb29nbGUu
Y29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIPKi5nb29n
bGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5uaYIPKi5n
b29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNvbS5vbYIP
Ki5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xlLmNvbS5w
Z4IPKi5nb29nbGUuY29tLnBogg8qLmdvb2dsZS5jb20ucGuCDyouZ29vZ2xlLmNv
bS5wbIIPKi5nb29nbGUuY29tLnBygg8qLmdvb2dsZS5jb20ucHmCDyouZ29vZ2xl
LmNvbS5xYYIPKi5nb29nbGUuY29tLnJ1gg8qLmdvb2dsZS5jb20uc2GCDyouZ29v
Z2xlLmNvbS5zYoIPKi5nb29nbGUuY29tLnNngg8qLmdvb2dsZS5jb20uc2yCDyou
Z29vZ2xlLmNvbS5zdoIPKi5nb29nbGUuY29tLnRqgg8qLmdvb2dsZS5jb20udG6C
DyouZ29vZ2xlLmNvbS50coIPKi5nb29nbGUuY29tLnR3gg8qLmdvb2dsZS5jb20u
dWGCDyouZ29vZ2xlLmNvbS51eYIPKi5nb29nbGUuY29tLnZjgg8qLmdvb2dsZS5j
b20udmWCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuY3aCCyouZ29vZ2xlLmN6
ggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZGqCCyouZ29vZ2xlLmRrggsqLmdvb2ds
ZS5kbYILKi5nb29nbGUuZHqCCyouZ29vZ2xlLmVlggsqLmdvb2dsZS5lc4IMKi5n
b29nbGUuZXVzggsqLmdvb2dsZS5maYILKi5nb29nbGUuZm2CCyouZ29vZ2xlLmZy
ggwqLmdvb2dsZS5mcmyCCyouZ29vZ2xlLmdhggwqLmdvb2dsZS5nYWyCCyouZ29v
Z2xlLmdlggsqLmdvb2dsZS5nZ4ILKi5nb29nbGUuZ2yCCyouZ29vZ2xlLmdtggsq
Lmdvb2dsZS5ncIILKi5nb29nbGUuZ3KCCyouZ29vZ2xlLmd5ggsqLmdvb2dsZS5o
a4ILKi5nb29nbGUuaG6CCyouZ29vZ2xlLmhyggsqLmdvb2dsZS5odIILKi5nb29n
bGUuaHWCCyouZ29vZ2xlLmllggsqLmdvb2dsZS5pbYILKi5nb29nbGUuaW6CDSou
Z29vZ2xlLmluZm+CCyouZ29vZ2xlLmlxggsqLmdvb2dsZS5pcoILKi5nb29nbGUu
aXOCCyouZ29vZ2xlLml0gg4qLmdvb2dsZS5pdC5hb4ILKi5nb29nbGUuamWCCyou
Z29vZ2xlLmpvgg0qLmdvb2dsZS5qb2JzggsqLmdvb2dsZS5qcIILKi5nb29nbGUu
a2eCCyouZ29vZ2xlLmtpggsqLmdvb2dsZS5reoILKi5nb29nbGUubGGCCyouZ29v
Z2xlLmxpggsqLmdvb2dsZS5sa4ILKi5nb29nbGUubHSCCyouZ29vZ2xlLmx1ggsq
Lmdvb2dsZS5sdoILKi5nb29nbGUubWSCCyouZ29vZ2xlLm1lggsqLmdvb2dsZS5t
Z4ILKi5nb29nbGUubWuCCyouZ29vZ2xlLm1sggsqLmdvb2dsZS5tboILKi5nb29n
bGUubXOCCyouZ29vZ2xlLm11ggsqLmdvb2dsZS5tdoILKi5nb29nbGUubXeCCyou
Z29vZ2xlLm5lgg4qLmdvb2dsZS5uZS5qcIIMKi5nb29nbGUubmV0ggsqLmdvb2ds
ZS5uZ4ILKi5nb29nbGUubmyCCyouZ29vZ2xlLm5vggsqLmdvb2dsZS5ucoILKi5n
b29nbGUubnWCDyouZ29vZ2xlLm9mZi5haYILKi5nb29nbGUucGuCCyouZ29vZ2xl
LnBsggsqLmdvb2dsZS5wboILKi5nb29nbGUucHOCCyouZ29vZ2xlLnB0ggsqLmdv
b2dsZS5yb4ILKi5nb29nbGUucnOCCyouZ29vZ2xlLnJ1ggsqLmdvb2dsZS5yd4IL
Ki5nb29nbGUuc2OCCyouZ29vZ2xlLnNlggsqLmdvb2dsZS5zaIILKi5nb29nbGUu
c2mCCyouZ29vZ2xlLnNrggsqLmdvb2dsZS5zbYILKi5nb29nbGUuc26CCyouZ29v
Z2xlLnNvggsqLmdvb2dsZS5zcoILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggwq
Lmdvb2dsZS50ZWyCCyouZ29vZ2xlLnRnggsqLmdvb2dsZS50a4ILKi5nb29nbGUu
dGyCCyouZ29vZ2xlLnRtggsqLmdvb2dsZS50boILKi5nb29nbGUudG+CCyouZ29v
Z2xlLnR0ggsqLmdvb2dsZS51YYILKi5nb29nbGUudXOCCyouZ29vZ2xlLnV6ggsq
Lmdvb2dsZS52Z4ILKi5nb29nbGUudnWCCyouZ29vZ2xlLndzghIqLmdvb2dsZWFk
YXBpcy5jb22CFSouZ29vZ2xlYWRzc2VydmluZy5jboIPKi5nb29nbGVhcGlzLmNu
ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYIWKi5nb29nbGV1c2VyY29udGVudC5jboIR
Ki5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYIK
Ki5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5qcC5kb3VibGVjbGljay5uZXSCFCou
bWV0cmljLmdzdGF0aWMuY29tghQqLnVrLmRvdWJsZWNsaWNrLm5ldIIMKi51cmNo
aW4uY29tghAqLnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29t
gg0qLnlvdXR1YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1n
LmNvbYIVYWQubW8uZG91YmxlY2xpY2submV0ghphbmRyb2lkLmNsaWVudHMuZ29v
Z2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5j
boIPZG91YmxlY2xpY2submV0ggRnLmNvggZnb28uZ2yCFGdvb2dsZS1hbmFseXRp
Y3MuY29tgglnb29nbGUuYWOCCWdvb2dsZS5hZIIJZ29vZ2xlLmFlgglnb29nbGUu
YWaCCWdvb2dsZS5hZ4IJZ29vZ2xlLmFsgglnb29nbGUuYW2CCWdvb2dsZS5hc4IJ
Z29vZ2xlLmF0gglnb29nbGUuYXqCCWdvb2dsZS5iYYIJZ29vZ2xlLmJlgglnb29n
bGUuYmaCCWdvb2dsZS5iZ4IJZ29vZ2xlLmJpgglnb29nbGUuYmqCCWdvb2dsZS5i
c4IJZ29vZ2xlLmJ0gglnb29nbGUuYnmCCWdvb2dsZS5jYYIKZ29vZ2xlLmNhdIIJ
Z29vZ2xlLmNjgglnb29nbGUuY2SCCWdvb2dsZS5jZoIJZ29vZ2xlLmNngglnb29n
bGUuY2iCCWdvb2dsZS5jaYIJZ29vZ2xlLmNsgglnb29nbGUuY22CCWdvb2dsZS5j
boIMZ29vZ2xlLmNvLmFvggxnb29nbGUuY28uYneCDGdvb2dsZS5jby5ja4IMZ29v
Z2xlLmNvLmNyggxnb29nbGUuY28uaHWCDGdvb2dsZS5jby5pZIIMZ29vZ2xlLmNv
Lmlsggxnb29nbGUuY28uaW2CDGdvb2dsZS5jby5pboIMZ29vZ2xlLmNvLmplggxn
b29nbGUuY28uanCCDGdvb2dsZS5jby5rZYIMZ29vZ2xlLmNvLmtyggxnb29nbGUu
Y28ubHOCDGdvb2dsZS5jby5tYYIMZ29vZ2xlLmNvLm16ggxnb29nbGUuY28ubnqC
DGdvb2dsZS5jby50aIIMZ29vZ2xlLmNvLnR6ggxnb29nbGUuY28udWeCDGdvb2ds
ZS5jby51a4IMZ29vZ2xlLmNvLnV6ggxnb29nbGUuY28udmWCDGdvb2dsZS5jby52
aYIMZ29vZ2xlLmNvLnphggxnb29nbGUuY28uem2CDGdvb2dsZS5jby56d4INZ29v
Z2xlLmNvbS5hZoINZ29vZ2xlLmNvbS5hZ4INZ29vZ2xlLmNvbS5haYINZ29vZ2xl
LmNvbS5hcoINZ29vZ2xlLmNvbS5hdYINZ29vZ2xlLmNvbS5iZIINZ29vZ2xlLmNv
bS5iaIINZ29vZ2xlLmNvbS5iboINZ29vZ2xlLmNvbS5ib4INZ29vZ2xlLmNvbS5i
coINZ29vZ2xlLmNvbS5ieYINZ29vZ2xlLmNvbS5ieoINZ29vZ2xlLmNvbS5jboIN
Z29vZ2xlLmNvbS5jb4INZ29vZ2xlLmNvbS5jdYINZ29vZ2xlLmNvbS5jeYINZ29v
Z2xlLmNvbS5kb4INZ29vZ2xlLmNvbS5lY4INZ29vZ2xlLmNvbS5lZ4INZ29vZ2xl
LmNvbS5ldIINZ29vZ2xlLmNvbS5maoINZ29vZ2xlLmNvbS5nZYINZ29vZ2xlLmNv
bS5naIINZ29vZ2xlLmNvbS5naYINZ29vZ2xlLmNvbS5ncoINZ29vZ2xlLmNvbS5n
dIINZ29vZ2xlLmNvbS5oa4INZ29vZ2xlLmNvbS5pcYINZ29vZ2xlLmNvbS5qbYIN
Z29vZ2xlLmNvbS5qb4INZ29vZ2xlLmNvbS5raIINZ29vZ2xlLmNvbS5rd4INZ29v
Z2xlLmNvbS5sYoINZ29vZ2xlLmNvbS5seYINZ29vZ2xlLmNvbS5tbYINZ29vZ2xl
LmNvbS5tdIINZ29vZ2xlLmNvbS5teIINZ29vZ2xlLmNvbS5teYINZ29vZ2xlLmNv
bS5uYYINZ29vZ2xlLmNvbS5uZoINZ29vZ2xlLmNvbS5uZ4INZ29vZ2xlLmNvbS5u
aYINZ29vZ2xlLmNvbS5ucIINZ29vZ2xlLmNvbS5ucoINZ29vZ2xlLmNvbS5vbYIN
Z29vZ2xlLmNvbS5wYYINZ29vZ2xlLmNvbS5wZYINZ29vZ2xlLmNvbS5wZ4INZ29v
Z2xlLmNvbS5waIINZ29vZ2xlLmNvbS5wa4INZ29vZ2xlLmNvbS5wbIINZ29vZ2xl
LmNvbS5wcoINZ29vZ2xlLmNvbS5weYINZ29vZ2xlLmNvbS5xYYINZ29vZ2xlLmNv
bS5ydYINZ29vZ2xlLmNvbS5zYYINZ29vZ2xlLmNvbS5zYoINZ29vZ2xlLmNvbS5z
Z4INZ29vZ2xlLmNvbS5zbIINZ29vZ2xlLmNvbS5zdoINZ29vZ2xlLmNvbS50aoIN
Z29vZ2xlLmNvbS50boINZ29vZ2xlLmNvbS50coINZ29vZ2xlLmNvbS50d4INZ29v
Z2xlLmNvbS51YYINZ29vZ2xlLmNvbS51eYINZ29vZ2xlLmNvbS52Y4INZ29vZ2xl
LmNvbS52ZYINZ29vZ2xlLmNvbS52boIJZ29vZ2xlLmN2gglnb29nbGUuY3qCCWdv
b2dsZS5kZYIJZ29vZ2xlLmRqgglnb29nbGUuZGuCCWdvb2dsZS5kbYIJZ29vZ2xl
LmR6gglnb29nbGUuZWWCCWdvb2dsZS5lc4IKZ29vZ2xlLmV1c4IJZ29vZ2xlLmZp
gglnb29nbGUuZm2CCWdvb2dsZS5mcoIKZ29vZ2xlLmZybIIJZ29vZ2xlLmdhggpn
b29nbGUuZ2Fsgglnb29nbGUuZ2WCCWdvb2dsZS5nZ4IJZ29vZ2xlLmdsgglnb29n
bGUuZ22CCWdvb2dsZS5ncIIJZ29vZ2xlLmdygglnb29nbGUuZ3mCCWdvb2dsZS5o
a4IJZ29vZ2xlLmhugglnb29nbGUuaHKCCWdvb2dsZS5odIIJZ29vZ2xlLmh1ggln
b29nbGUuaWWCCWdvb2dsZS5pbYIJZ29vZ2xlLmluggtnb29nbGUuaW5mb4IJZ29v
Z2xlLmlxgglnb29nbGUuaXKCCWdvb2dsZS5pc4IJZ29vZ2xlLml0ggxnb29nbGUu
aXQuYW+CCWdvb2dsZS5qZYIJZ29vZ2xlLmpvggtnb29nbGUuam9ic4IJZ29vZ2xl
Lmpwgglnb29nbGUua2eCCWdvb2dsZS5raYIJZ29vZ2xlLmt6gglnb29nbGUubGGC
CWdvb2dsZS5saYIJZ29vZ2xlLmxrgglnb29nbGUubHSCCWdvb2dsZS5sdYIJZ29v
Z2xlLmx2gglnb29nbGUubWSCCWdvb2dsZS5tZYIJZ29vZ2xlLm1ngglnb29nbGUu
bWuCCWdvb2dsZS5tbIIJZ29vZ2xlLm1ugglnb29nbGUubXOCCWdvb2dsZS5tdYIJ
Z29vZ2xlLm12gglnb29nbGUubXeCCWdvb2dsZS5uZYIMZ29vZ2xlLm5lLmpwggpn
b29nbGUubmV0gglnb29nbGUubmeCCWdvb2dsZS5ubIIJZ29vZ2xlLm5vgglnb29n
bGUubnKCCWdvb2dsZS5udYINZ29vZ2xlLm9mZi5haYIJZ29vZ2xlLnBrgglnb29n
bGUucGyCCWdvb2dsZS5wboIJZ29vZ2xlLnBzgglnb29nbGUucHSCCWdvb2dsZS5y
b4IJZ29vZ2xlLnJzgglnb29nbGUucnWCCWdvb2dsZS5yd4IJZ29vZ2xlLnNjggln
b29nbGUuc2WCCWdvb2dsZS5zaIIJZ29vZ2xlLnNpgglnb29nbGUuc2uCCWdvb2ds
ZS5zbYIJZ29vZ2xlLnNugglnb29nbGUuc2+CCWdvb2dsZS5zcoIJZ29vZ2xlLnN0
gglnb29nbGUudGSCCmdvb2dsZS50ZWyCCWdvb2dsZS50Z4IJZ29vZ2xlLnRrggln
b29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRugglnb29nbGUudG+CCWdvb2ds
ZS50dIIJZ29vZ2xlLnVhgglnb29nbGUudXOCCWdvb2dsZS51eoIJZ29vZ2xlLnZn
gglnb29nbGUudnWCCWdvb2dsZS53c4ISZ29vZ2xlY29tbWVyY2UuY29tggtnc3Rh
dGljLmNvbYIZcG9saWN5Lm10YS1zdHMuZ29vZ2xlLmNvbYIKdXJjaGluLmNvbYIK
d3d3Lmdvby5nbIIIeW91dHUuYmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0
aW9uLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2ku
Z29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRz
MS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFIa2xzSpstF9IRJo0Iy0L5Psge2C
MAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8w
IQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgGBmeBDAECAjAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEB
CwUAA4IBAQAejkFS8sGmN0YrWIdQuwCSpUSVh+IqRQWxyeD3ZgBk/OXRcRNxR27Y
NCvp/01tFr89S5z/YreKoC3vAkWkMTq1Q8IFRjumWpWkCUI0HjZtUGfuClhHeUMu
vET+Tg8Iv8tMeDP5r6Gug9vzwtfVdWVL3jtScF7EPl9Qp6I71DPbTeshhAJOHmKi
YVaGLP2xwocuUOAfQqq7ULvQgfdhNx/+a7IF5PfS2nz3A7EcundpsNk83KppxKfw
vGMtsyNn48hE9tE2lPl09AdklbbmmHPei/4p8WfLyOgZq7g1b+j/K78fkU+KIINH
MxXeIpXsqZkiwgr0N28vpFvAJ6ohCye8
-----END CERTIFICATE-----
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-----BEGIN CERTIFICATE-----
MIID8DCCAtigAwIBAgIDAjqSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTUwNDAxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD
VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov
L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig
JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ
MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEACE4Ep4B/EBZDXgKt
10KA9LCO0q6z6xF9kIQYfeeQFftJf6iZBZG7esnWPDcYCZq2x5IgBzUzCeQoY3IN
tOAynIeYxBt2iWfBUFiwE6oTGhsypb7qEZVMSGNJ6ZldIDfM/ippURaVS6neSYLA
EHD0LPPsvCQk0E6spdleHm2SwaesSDWB+eXknGVpzYekQVA/LlelkVESWA6MCaGs
eqQSpSfzmhCXfVUDBvdmWF9fZOGrXW2lOUh1mEwpWjqN0yvKnFUEv/TmFNWArCbt
F4mmk2xcpMy48GaOZON9muIAs0nH5Aqq3VuDx3CQRk6+0NtZlmwu9RY23nHMAcIS
wSHGFg==
-----END CERTIFICATE-----
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 10364 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 4083BF08C73AE573B7A4E9D8FE1A56169B84EDF192A956D34035785106593C53
    Session-ID-ctx: 
    Master-Key: 7366BCF9D518917DDBC4444DF52DA1E6BA6DBB75AC05C2BEC07B8230F16815F7176A4BC2B72E85A9A07874CD2AD36C79
    Key-Arg   : None
    Start Time: 1478635083
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=0

O tutorial que estou usando:

link

    
por user2789433 08.11.2016 / 21:18

1 resposta

2

Não é nenhum deles. Normalmente, os servidores TLS enviam somente as CAs intermediárias; eles não enviam a CA raiz, pois podem seguramente assumir que:

  • Ele já estará presente na lista de âncoras de confiança do cliente (CA confiável), portanto, desnecessária
  • Se não estiver presente, isso significa que o cliente não confia nele, portanto, incluir não mudaria nada.

Em geral, a opção mais confiável seria usar o conjunto de certificados de CA da Mozilla , que tem certificados de CA para verificar a maioria dos sites.

Se por algum motivo você não puder usá-lo, primeiro veja o último certificado na cadeia (GeoTrust emitido pela Equifax), então encontre seu emissor (Equifax) na lista de CA do seu sistema e extraia para um arquivo.

(Embora CAs tecnicamente intermediárias também possam atuar como âncoras de confiança, as versões mais antigas do OpenSSL aceitarão apenas CAs raiz aqui.)

    
por 09.11.2016 / 07:06