curl --resolve 查看证书情况
通过curl 解析证书
[root@harbor ~]# curl --resolve 'www.abc.com:127.0.0.1' https://www.abc.com/ -vvv * Couldn't parse CURLOPT_RESOLVE entry 'www.abc.com:127.0.0.1'! * Trying 117.121.111.212:443... * TCP_NODELAY set * Connected to www.abc.com (117.121.111.212) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * NPN, negotiated HTTP1.1 * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Next protocol (67): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=CN; ST=\U5317\U4EAC\U5E02; L=\U5317\U4EAC\U5E02; O=\U5FC3\U533B\U56FD\U9645\U6559\U80B2\U79D1\U6280(\U5317\U4EAC)\U6709\U9650\U516C\U53F8; OU=IT; CN=*.abc.com * start date: Mar 20 00:00:00 2018 GMT * expire date: Dec 20 12:00:00 2019 GMT * subjectAltName: host "www.abc.com" matched cert's "*.abc.com" * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018 * SSL certificate verify ok. > GET / HTTP/1.1 > Host: www.xinyixy.com > User-Agent: curl/7.67.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 302 Found < Server: xinyixy web server < Date: Thu, 28 Nov 2019 02:51:05 GMT < Content-Length: 0 < Connection: keep-alive < Cache-Control: no-cache, no-store, max-age=0, must-revalidate < Pragma: no-cache < Expires: 0 < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Location: http://www.abc.com/index < Content-Language: en-US < * Connection #0 to host www.abc.com left intact