The SSL/TLS Certificate System
2025-07-10
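Overview
SSL/TLS certificates are the cornerstone of secure communication on the Internet, establishing trust through PKI (Public Key Infrastructure). A certificate binds a public key to an identity and is issued by a trusted CA (Certificate Authority), which lets a client verify the server's real identity. This article examines certificate structure, the validation process, and management practices.
X.509 Certificate Structure
Use openssl to inspect the details of a certificate: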
```bash
# View the certificate contents
openssl x509 -in cert.pem -text -noout
```

Example output:

```text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:00:00:00:00:01:15:4b:5a:c3:94
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Jan 1 00:00:00 2025 GMT
            Not After : Apr 1 00:00:00 2025 GMT
        Subject: CN=example.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:*.example.com
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            Authority Information Access:
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
```

```bash
# View the certificate chain
openssl s_client -connect example.com:443 -showcerts

# Verify the certificate
openssl verify -CAfile ca-bundle.crt cert.pem
```

CA Hierarchy
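Why use intermediate CAs?
- The security of the root CA's private key is critical, so it should be kept offline
- If an intermediate CA is compromised it can be revoked without affecting the root CA
- Different intermediate CAs can serve different purposes or regions
Certificate Types
By validation level
| Type | What is validated | Issuance time | Cost | Address bar display |
|---|---|---|---|---|
| DV (Domain Validation) | Domain ownership only | Minutes | Free/low | Lock icon |
| OV (Organization Validation) | Organization identity | 1-3 days | Medium | Lock icon + organization name |
| EV (Extended Validation) | Strict validation of the organization | 1-2 weeks | High | Lock icon (green indicator discontinued) |
By coverage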
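```text
# Single-domain certificate
Subject: CN=example.com
SAN: DNS:example.com

# Wildcard certificate
Subject: CN=*.example.com
SAN: DNS:*.example.com
# Note: matches only one level of subdomain; it does not match a.b.example.com

# Multi-domain certificate (SAN certificate)
SAN: DNS:example.com, DNS:example.org, DNS:api.example.com
```

Certificate Chain Validation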
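Name matching is one of the checks a client performs when it validates a certificate. The sketch below is an added example, not part of the original article: it applies the single-label wildcard rule to the SAN lists shown in the coverage examples. The function names are hypothetical and the matcher is simplified (ASCII names only, no Public Suffix List lookup).

```python
# Added example: SAN dNSName matching with the single-label wildcard rule.
# Simplified: ASCII names only, no Public Suffix List lookup.

def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Only a whole left-most "*" label is accepted, and at least two
        # fixed labels must follow it (rejects "*.com").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Anything else must match exactly; partial wildcards such as
    # "w*.example.com" are refused.
    return "*" not in pattern and p == h


def covering_entries(san_list, hostname):
    """Return the SAN entries that cover hostname (empty list = mismatch)."""
    return [s for s in san_list if san_matches(s, hostname)]


# SAN lists taken from the certificate examples on this page.
SINGLE = ["example.com"]
WILDCARD = ["*.example.com"]
MULTI = ["example.com", "example.org", "api.example.com"]

if __name__ == "__main__":
    for host in ["example.com", "www.example.com", "a.b.example.com"]:
        for name, sans in [("single", SINGLE), ("wildcard", WILDCARD), ("multi", MULTI)]:
            hit = covering_entries(sans, host)
            print(f"{host:18} {name:9} {'OK ' + hit[0] if hit else 'MISMATCH'}")
```

A certificate whose only SAN is `*.example.com` does not cover the bare `example.com`, which is why the sample certificate earlier lists both names.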
Common causes of validation failure:
```bash
# 1. Incomplete certificate chain (missing intermediate certificate)
# Check and fix the certificate chain
openssl s_client -connect example.com:443 </dev/null 2>&1 | grep -i verify
# Verify return code: 21 (unable to verify the first certificate)

# Fix: concatenate the chain
cat server.crt intermediate.crt > fullchain.crt

# 2. Expired certificate
openssl x509 -in cert.pem -noout -dates

# 3. Domain name mismatch
openssl x509 -in cert.pem -noout -text | grep -A1 "Subject Alternative Name"

# 4. Check with an online tool
# https://www.ssllabs.com/ssltest/
```

Generating a CSR
```bash
# Generate a private key and CSR (RSA 2048)
openssl req -new -newkey rsa:2048 -nodes \
  -keyout server.key -out server.csr \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=MyCompany/CN=example.com"

# Generate an ECC private key and CSR (recommended: smaller and faster)
openssl ecparam -genkey -name prime256v1 -out server.key
openssl req -new -key server.key -out server.csr \
  -subj "/CN=example.com"

# CSR with SANs (requires a config file)
cat > san.cnf << EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = *.example.com
DNS.3 = example.org
EOF
openssl req -new -key server.key -out server.csr -config san.cnf

# Verify the CSR contents
openssl req -in server.csr -text -noout
```

Let's Encrypt and the ACME Protocol
Let's Encrypt provides free DV certificates and uses the ACME (Automatic Certificate Management Environment) protocol to automate certificate issuance.
```bash
# Issue a certificate with certbot (Nginx)
certbot --nginx -d example.com -d www.example.com

# Issue a certificate with certbot (standalone mode)
certbot certonly --standalone -d example.com

# DNS validation (suitable for wildcard certificates)
certbot certonly --manual --preferred-challenges dns \
  -d "*.example.com" -d example.com

# Automatic renewal
certbot renew --dry-run   # test
certbot renew             # actual renewal

# crontab entry for automatic renewal
0 3 * * * certbot renew --quiet --post-hook "systemctl reload nginx"
```

Certificate Pinning
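Certificate pinning fixes the hash of the server's public key or certificate in the client, which prevents man-in-the-middle attacks after a CA has been compromised.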
```bash
# Get the certificate's public key pin
openssl s_client -servername example.com -connect example.com:443 </dev/null 2>/dev/null | \
  openssl x509 -pubkey -noout | \
  openssl pkey -pubin -outform der | \
  openssl dgst -sha256 -binary | base64

# HTTP Public Key Pinning (HPKP) - deprecated
# Alternative: Certificate Transparency
```

Note: HPKP has been deprecated by browsers because it was too risky (a wrong pin makes the site unreachable); Certificate Transparency is now the recommended approach.
Certificate Transparency (CT)
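CT requires a CA to record each certificate in public CT logs after issuing it, so that domain owners can monitor for unauthorized certificate issuance.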
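One way to act on that monitoring, as an added Python example that is not part of the original article: it flags unexpired certificates from an issuer the domain owner does not expect. The records are constructed in the shape of crt.sh's JSON output; the allowlist, the second issuer and the fixed date are assumptions.

```python
import json
from datetime import datetime

# Constructed records in the shape of crt.sh's JSON output (not real log data).
LE = "C=US, O=Let's Encrypt, CN=R3"
OTHER = "C=XX, O=Unknown Test CA, CN=Test Issuing CA 1"  # made-up issuer
SAMPLE = json.dumps([
    {"id": 1001, "issuer_ca_id": 1, "issuer_name": LE, "serial_number": "04aa",
     "name_value": "example.com\n*.example.com", "not_after": "2025-04-01T00:00:00"},
    {"id": 1002, "issuer_ca_id": 1, "issuer_name": LE, "serial_number": "04aa",
     "name_value": "example.com\n*.example.com", "not_after": "2025-04-01T00:00:00"},
    {"id": 1003, "issuer_ca_id": 2, "issuer_name": OTHER, "serial_number": "7b01",
     "name_value": "login.example.com", "not_after": "2025-06-01T00:00:00"},
    {"id": 1004, "issuer_ca_id": 2, "issuer_name": OTHER, "serial_number": "7b00",
     "name_value": "old.example.com", "not_after": "2024-12-01T00:00:00"},
])
ALLOWED_ORGS = {"Let's Encrypt"}   # assumption: the only CA this domain uses
NOW = datetime(2025, 2, 1)         # fixed so the sample gives a stable result


def issuer_org(issuer_name):
    """Pull the O= value out of an issuer string (simple split, no quoted commas)."""
    for part in issuer_name.split(","):
        key, _, value = part.strip().partition("=")
        if key == "O":
            return value
    return ""


def unexpected_certs(crtsh_json, allowed_orgs, now):
    """Return unexpired certificates issued by an organisation not on the allowlist."""
    seen, findings = set(), []
    for rec in json.loads(crtsh_json):
        key = (rec["issuer_ca_id"], rec["serial_number"])
        if key in seen:      # a precertificate and its final certificate share a serial
            continue
        seen.add(key)
        if datetime.fromisoformat(rec["not_after"]) <= now:
            continue         # already expired
        org = issuer_org(rec["issuer_name"])
        if org not in allowed_orgs:
            findings.append({"id": rec["id"], "issuer": org,
                             "names": sorted(set(rec["name_value"].split("\n")))})
    return findings


if __name__ == "__main__":
    for f in unexpected_certs(SAMPLE, ALLOWED_ORGS, NOW):
        print(f"ALERT crt.sh id={f['id']} issuer={f['issuer']} names={f['names']}")
```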
```bash
# Search CT logs (crt.sh)
curl "https://crt.sh/?q=example.com&output=json" | jq '.[0:5]'

# Check the SCTs in the certificate
openssl s_client -connect example.com:443 </dev/null 2>/dev/null | \
  openssl x509 -text -noout | grep -A 5 "CT Precertificate"
```

Certificate Revocation
```bash
# CRL (Certificate Revocation List)
openssl x509 -in cert.pem -noout -text | grep "CRL Distribution"
curl -o crl.der http://crl.example.com/ca.crl
openssl crl -in crl.der -inform DER -text

# OCSP (Online Certificate Status Protocol)
openssl ocsp -issuer intermediate.crt -cert server.crt \
  -url http://ocsp.example.com -resp_text
```

```nginx
# OCSP Stapling (the server prefetches the OCSP response)
# Nginx configuration
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 valid=300s;
ssl_trusted_certificate /path/to/fullchain.pem;
```

Recommended Nginx SSL Configuration
```nginx
server {
    listen 443 ssl http2;
    server_name example.com;

    # Certificate and private key
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Protocol versions
    ssl_protocols TLSv1.2 TLSv1.3;

    # Cipher suites
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

    # Session cache
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}
```

Summary
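The SSL/TLS certificate system is core infrastructure for Internet security. Every stage, from certificate generation, issuance and validation through to revocation, has to be configured correctly. Let's Encrypt has made HTTPS deployment free and automated, and Certificate Transparency has made certificate issuance auditable. In day-to-day operations, pay attention to certificate chain completeness, automatic renewal, secure configuration, and CT monitoring.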