1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
|
# 签发证书用于E21项目加密通信
## 签发自签发证书用于TSG各组件间加密通信
**注意**
* 证书有效 10 年
* 为了前向保密使用椭圆曲线prime256v1,而未使用RSA
**证书信息**
```
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15951331750435990784 (0xdd5e83b69725ad00)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=California, L=San Francisco, O=Gdnt-cloud, CN=*.gdnt-cloud.com
Validity
Not Before: Aug 31 05:59:42 2021 GMT
Not After : Aug 29 05:59:42 2031 GMT
Subject: C=US, ST=California, L=San Francisco, O=Gdnt-cloud, CN=*.gdnt-cloud.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:49:70:50:9d:7b:57:ad:f3:61:99:8d:99:ab:ec:
cf:27:b3:1e:dd:42:48:b7:48:9e:af:11:f5:71:ad:
13:ba:01:a0:24:81:ee:9e:ab:59:a0:d0:cc:98:44:
27:36:8f:c4:3e:5b:87:e8:cb:6b:65:57:0c:b0:44:
90:a2:2a:7b:f3
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
DNS:*.gdnt-cloud.com, DNS:gdnt-cloud.com
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:18:b9:48:84:e3:34:6e:cf:ff:9a:95:b3:a1:32:
27:61:3d:eb:4d:8a:88:d5:12:d4:46:d8:dc:22:77:df:3d:18:
02:21:00:c9:24:3e:30:eb:53:11:2c:51:cd:18:24:c6:e4:07:
16:4b:72:08:6c:91:5a:6a:ab:90:e1:03:11:2d:63:f9:04
-----BEGIN CERTIFICATE-----
MIICBTCCAaugAwIBAgIJAN1eg7aXJa0AMAoGCCqGSM49BAMCMGoxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
MRMwEQYDVQQKDApHZG50LWNsb3VkMRkwFwYDVQQDDBAqLmdkbnQtY2xvdWQuY29t
MB4XDTIxMDgzMTA1NTk0MloXDTMxMDgyOTA1NTk0MlowajELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzAR
BgNVBAoMCkdkbnQtY2xvdWQxGTAXBgNVBAMMECouZ2RudC1jbG91ZC5jb20wWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAARJcFCde1et82GZjZmr7M8nsx7dQki3SJ6v
EfVxrRO6AaAkge6eq1mg0MyYRCc2j8Q+W4foy2tlVwywRJCiKnvzozowODAJBgNV
HRMEAjAAMCsGA1UdEQQkMCKCECouZ2RudC1jbG91ZC5jb22CDmdkbnQtY2xvdWQu
Y29tMAoGCCqGSM49BAMCA0gAMEUCIBi5SITjNG7P/5qVs6EyJ2E9602KiNUS1EbY
3CJ33z0YAiEAySQ+MOtTESxRzRgkxuQHFktyCGyRWmqrkOEDES1j+QQ=
-----END CERTIFICATE-----
Not Before: Aug 31 05:59:42 2021 GMT
Not After : Aug 29 05:59:42 2031 GMT
```
## 为 TSG/Nezha 的界面服务签发证书
**注意**
* 证书有效 20 年
* TSG/Nezha 的证书不绑定域名,不绑定IP
**根证书**
```
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14219135907191779218 (0xc55484c5792aef92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
Validity
Not Before: Nov 5 07:47:19 2021 GMT
Not After : Oct 31 07:47:19 2041 GMT
Subject: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d3:27:71:59:e9:1e:06:4d:68:3d:5c:01:ed:32:
a6:8f:c8:ff:75:b4:cc:4f:fa:8f:1e:9b:8a:6a:c8:
8b:14:20:cc:ed:e3:a2:8f:b1:2d:1b:b5:6b:c0:87:
d0:ad:d7:78:33:7d:3d:1f:e9:59:ff:d3:3e:c0:e3:
68:e6:7b:64:01:a3:e2:1d:10:9d:8b:ee:23:0b:12:
bc:3b:a7:9e:6d:68:b2:cf:c3:cf:2c:a6:30:20:fd:
da:83:6a:aa:d9:99:27:2d:da:c9:91:be:a8:1b:56:
65:f8:cb:f8:3b:6a:07:3c:65:5c:a8:09:58:73:c2:
55:e7:74:f5:11:de:dc:37:8a:47:44:01:f4:d1:3e:
42:73:9c:f3:6b:6c:0d:80:99:50:55:9b:27:b9:07:
33:fa:5c:36:60:ef:d0:d8:49:fe:a1:28:3d:ff:63:
c7:eb:be:0a:8f:9d:09:9b:8e:cf:41:6d:82:2e:ef:
bf:ee:e7:f1:b3:41:fa:cf:8d:37:1d:1c:24:69:d2:
fd:cd:c7:0c:b2:f9:3b:a5:37:55:53:e2:a6:7d:5d:
6a:7c:8c:f7:24:5c:86:66:a2:c3:a0:8b:45:60:6d:
f0:bc:e3:29:4f:f3:5a:d5:54:a0:46:2a:59:cf:fc:
95:d9:2c:a6:cb:3d:d5:ee:e8:fe:fe:03:2d:f0:a4:
4b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
97:08:4e:dd:a1:b2:6b:de:d1:c1:8a:ef:e6:31:00:13:10:e8:
ca:5e:67:60:86:db:26:92:55:eb:6a:ce:5f:08:93:de:ad:4d:
9e:5d:5d:31:8e:bf:8f:26:4f:3c:05:11:1f:28:5e:f4:a5:49:
dc:e3:40:ec:a7:5d:17:67:09:2e:06:f5:88:ed:63:8a:c1:92:
fa:22:cb:2b:f1:c8:08:3c:61:e4:ad:3e:65:ba:8e:08:55:8b:
bb:35:e1:ba:4d:bc:fe:59:06:07:fd:b5:50:6c:0c:77:27:22:
1b:1f:d7:17:fd:d1:0a:6a:bd:38:6d:96:21:c2:47:dd:ca:ac:
84:97:f9:70:3b:e2:ee:15:b8:8a:84:0d:6b:0f:e7:5b:c3:eb:
2a:d0:33:a1:3a:ad:e7:ab:09:06:e2:fc:f9:44:3b:07:b1:13:
28:d3:66:48:33:20:6a:d4:23:34:18:4f:a4:c6:e4:c2:f0:83:
88:95:e7:a2:5e:f0:ce:59:98:42:e3:f1:05:f9:3d:f2:28:37:
33:8f:88:dd:e8:b4:79:72:a0:83:b5:af:1c:92:86:4d:48:9b:
5a:f4:97:c2:15:f2:31:2f:ca:95:b9:16:17:ce:de:0e:45:91:
f2:5b:de:27:3d:e0:7e:e4:3a:c7:45:f2:62:e7:3e:4e:d7:34:
23:5b:28:ef
```
**TSG实体证书**
```
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16286509647829799335 (0xe2054e3c2dde11a7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
Validity
Not Before: Nov 5 08:32:21 2021 GMT
Not After : Oct 30 08:32:21 2041 GMT
Subject: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=TSG, CN=TSG9140/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:5d:52:5b:9a:92:96:6c:e6:b8:19:02:e3:ce:
bd:b3:95:37:4d:a3:b6:5a:4e:d0:88:8c:af:db:64:
db:4e:3d:81:09:63:c1:78:d1:2b:13:6e:9c:57:c6:
d6:75:08:99:21:c3:54:a3:94:c7:b2:87:30:2d:0e:
b7:46:85:ac:bb:9b:3e:31:7f:6f:a5:61:e8:81:24:
dc:9e:9b:4a:a1:04:6d:1d:d7:24:8f:b7:34:85:57:
fa:88:07:b8:c2:c8:3f:c4:90:2c:05:6d:36:d0:c9:
5b:0e:e4:99:e6:11:d0:99:29:b9:3f:5f:bf:34:98:
82:bc:d8:2f:52:29:29:ab:f2:93:76:e6:e9:ab:49:
1b:0f:27:0b:44:b1:d2:78:2d:df:1c:bb:51:37:01:
0f:27:37:28:da:86:a3:6f:3a:f7:98:9a:76:fa:0f:
a6:dd:c1:74:96:75:ec:9d:38:df:c0:84:fe:c4:6f:
23:23:79:05:5e:a8:9f:19:45:22:39:8c:0e:de:76:
04:10:91:fe:6c:cc:da:69:79:a4:22:a7:fc:e3:7f:
76:62:1c:60:11:af:97:2a:69:04:8e:01:72:8d:44:
b9:f8:b8:12:89:2b:8e:54:ec:11:72:1c:3c:d1:7b:
68:ab:95:1c:c4:f8:59:a1:02:6e:5f:b1:00:57:cd:
88:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
96:da:8d:f7:ef:75:07:36:ff:42:f4:c0:29:77:75:32:8f:f7:
c5:dc:0c:9b:7c:f1:f5:69:6b:7a:c0:b4:17:b4:20:84:2d:ac:
58:0e:ad:93:31:3d:9d:ba:57:7f:04:44:96:21:9b:58:4c:5c:
37:34:98:2c:df:30:3f:f5:a9:e4:df:5e:76:fc:78:b1:95:6d:
d4:5f:d4:bc:93:5b:88:59:7b:b7:a2:2f:de:0b:df:7f:b5:83:
e0:34:8c:45:0e:67:c2:82:28:67:79:ff:be:62:99:eb:bd:4d:
6c:dc:7d:40:92:28:fa:cc:c1:22:c0:ef:f6:b1:f0:fd:cf:08:
8d:c2:54:30:cb:7d:10:ff:04:7b:46:63:64:79:69:ca:7f:14:
78:f4:90:be:bc:d0:54:5f:64:f2:c2:71:8d:d9:d2:8a:64:05:
53:bb:1c:d8:24:1f:01:6e:53:6a:af:2d:77:1f:58:be:95:6c:
8c:3c:b7:9d:ae:38:75:28:e3:f3:83:53:4b:7c:9e:7d:bd:d0:
f5:01:96:a5:5b:40:32:ff:79:ea:e1:3b:de:07:88:c9:1f:b9:
f2:70:a3:30:77:7e:15:d8:4b:b6:90:88:41:94:17:8a:2f:02:
81:14:d1:7c:ca:2b:c2:9d:0c:71:f0:dd:f0:06:14:c0:bd:81:
25:17:f9:d7
```
**Nezha实体证书**
```
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16286509647829799334 (0xe2054e3c2dde11a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
Validity
Not Before: Nov 5 08:04:17 2021 GMT
Not After : Oct 30 08:04:17 2041 GMT
Subject: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=TSG, CN=Nezha/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ab:5c:2e:a1:9c:49:33:c2:04:10:63:c2:2a:8b:
6a:9a:81:71:96:75:35:0d:62:f3:85:de:03:b4:8b:
db:03:ba:dd:f9:bf:49:29:96:65:34:4b:0a:8e:ba:
2c:4e:ad:92:d0:71:ed:b1:75:7f:5e:98:1c:a0:6c:
80:be:00:94:d0:8e:74:8f:fb:e9:04:ba:c6:8b:88:
bf:a6:08:b5:2f:02:da:5f:4e:88:a5:44:2c:61:ef:
2f:11:30:d9:b1:6e:df:6c:fc:dc:b9:6d:2e:0c:76:
53:7a:15:ac:27:9f:b3:5b:db:a9:e4:3b:8d:ce:68:
c3:d6:d2:10:af:84:22:4e:4d:f3:b8:24:4f:71:72:
f2:81:e6:9f:d1:97:89:bd:1e:fa:31:6b:fd:1f:d2:
ea:6b:93:ac:14:6f:29:4b:3c:3b:38:87:ea:fb:57:
82:11:fc:5e:3b:66:47:57:5e:5d:01:d6:a5:fc:4f:
5e:da:6c:5f:d5:fc:45:4a:1e:71:96:fe:b6:7c:72:
2b:7e:ab:8d:83:20:98:98:72:be:45:b7:5b:fe:1f:
49:6b:6f:b4:ba:57:5b:52:41:3b:66:a7:42:c0:8a:
53:46:a6:9e:fa:a5:5c:41:62:5b:73:07:36:b2:3d:
07:ad:39:62:4c:3a:cb:bc:20:e4:c2:f7:60:07:c8:
ea:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
5a:59:68:75:bd:4f:3f:33:f9:85:8a:6e:eb:f9:da:25:28:fe:
9f:a1:3a:3c:a3:bc:82:65:74:20:da:f1:45:53:5f:8b:e0:8e:
f1:54:b6:e2:5c:f4:6e:b5:78:b0:ea:09:e6:3d:05:e5:0b:64:
31:5d:21:63:9c:56:de:3a:4c:54:aa:ea:56:8f:ef:14:59:c8:
d6:37:8b:57:9e:1c:68:f2:f4:c0:88:0c:c8:30:9d:95:cc:d1:
1f:7c:cf:cb:cf:28:7e:ca:9d:ee:e7:13:6e:66:f9:b9:20:2c:
3b:f3:18:19:63:fd:c2:fb:b8:ec:4c:aa:01:5f:20:16:08:86:
62:e0:28:2b:d6:9b:38:05:2c:3c:ab:f8:b7:89:28:3d:80:ac:
76:1c:45:d4:f3:6b:32:26:9f:e3:78:c2:42:97:8b:6c:ed:ef:
b1:39:27:bd:30:6d:d3:ef:1c:ef:c6:d8:cd:8b:8e:16:ad:e0:
8a:9a:e4:6b:51:a9:b4:e5:5f:35:fa:ee:94:47:82:ee:25:d3:
00:7d:5c:d8:87:c7:00:f6:9f:19:7a:90:64:9b:af:36:19:d5:
c9:0c:45:73:be:69:b4:05:f7:65:e8:eb:27:76:52:9c:00:1f:
48:1e:2b:81:79:0d:2b:70:75:04:e2:08:11:bd:e6:49:12:2b:
88:5b:ca:fd
```
|
