我想使用 OpenSSL 或任何本机 Linux 命令来获取 SQL Server 的证书。我尝试了与 HTTP 服务器相同的方法,但它不起作用。
openssl s_client -showcerts -connect MY.MSSQL.SERVER:1433
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
github 用户 lnattrass 提供的这个要点提供了一个 python 脚本,该脚本是 “连接到 MS SQL Server 并将证书转储为 PEM 的糟糕方法”(他的措辞)。是的,这不是你问的,你问的是 OpenSSL。但其中一条评论部分说了
我能够使用 openssl 获得相同的结果,如下所示:
,如某处建议的。openssl s_client -showcerts -connect <hostname>:<port> </dev/null 2>/dev/null|openssl x509 -outform PEM >dbcertfile.pem
(不知道“某个地方”在哪里。)
我尝试过 openssl 方法,但对我来说失败了:
rpresser@11MTLDEV-L11626:~$ openssl s_client -showcerts -connect mysqlserver.mydomain.com:1433 </dev/null 2>/dev/null|openssl x509 -outform PEM >dbcertfile.pem
unable to load certificate
140246796931520:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
也许这是因为自签名证书(见下文)不受信任?我真的不确定。
修复了一个缩进错误后,python 方法对我有用了:
rpresser@11MTLDEV-L11626:/mnt/c/temp$ python3 get_tds_cert.py redacted.domain.COM 1433
# get_tdspacket: 0, tdspacket len: 43
# Header: {'type': 4, 'status': 1, 'length': 43, 'channel': 0, 'packet': 1, 'window': 0}
# Remaining tdspbuf length: 0
# Starting TLS handshake loop..
# Shaking (0/5)
# get_tdspacket: 0, tdspacket len: 894
# Header: {'type': 18, 'status': 1, 'length': 894, 'channel': 0, 'packet': 0, 'window': 0}
# Remaining tdspbuf length: 0
# Shaking (1/5)
# get_tdspacket: 0, tdspacket len: 67
# Header: {'type': 18, 'status': 1, 'length': 67, 'channel': 0, 'packet': 0, 'window': 0}
# Remaining tdspbuf length: 0
# Handshake completed, dumping certificates
-----BEGIN CERTIFICATE-----
MIIB+zCCAWSgAwIBAgIQYc0YElx/YYFF/Q0PIYETxDANBgkqhkiG9w0BAQUFADA7
MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
bABsAGIAYQBjAGswIBcNMjAwMjAyMDQ0NzA5WhgPMjA1MDAyMDIwNDQ3MDlaMDsx
OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
AGwAYgBhAGMAazCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAohSQbug4qZug
ji16iKuNpX4OzGc9DPAORaho8LB2AGinol+rEmcTGRofeIg9zeXMbiOwWbrCnT3/
RUDLOW6V4papZ7H/qIcmVIKdzNCezWMlfPd0h4S00kVovHDIbC1t2uhcDdfEIsh+
fbgzS34bkXNACurtV5t8kpPWYDsRwqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBr
qfAph+/NF6Cgxisp7UHq9kjQ6sYNCIXfq9mJnRqX+I8H6nxSQfpDlljdvKN3GYeg
SL4jowNL11z5xjpJS9/KhLFwodicWKt0Go/CqusPWJKVJo0HgIn9a1hHPipRbR8w
3+QRy50kaPXm5VOoSg83+CjEg9ri7jfgtWLetq+xoQ==
-----END CERTIFICATE-----
我没有费心去编辑证书,因为它是 SQL Server 自签名后备,如 SSLShopper 证书解码器
所示
- 证书信息:
- 通用名称:SSL_Self_Signed_Fallback
- 有效期:2020年2月1日
- 有效期至:2050 年 2 月 1 日 序列号:61cd18125c7f618145fd0d0f218113c4
在寻找 openssl 解决方案但没有成功并且与 python 脚本进行斗争也没有成功之后(初始版本和固定版本都抛出了错误),我求助于使用 nmap,在这种情况下它非常简单:
nmap -v --script=ssl-cert -p 1433 server.example.com
在输出中应该有一个这样的证书(自签名证书),您应该能够清理格式并在需要的地方使用它。
| SHA-1: dba1 14a3 d2c7 9410 0a7a bb8d d08e e1a0 d6a1 9e87
| -----BEGIN CERTIFICATE-----
| MIIB+zCCAWSgAwIBAgIQJW6eoEmJJJJDqpOSmq2W6TANBgkqhkiG9w0BAQUFADA7
| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
| bABsAGIAYQBjAGswIBcNMjMwMTE4MTEyOTQ5WhgPMjA1MzAxMTgxMTI5NDlaMDsx
| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
| AGwAYgBhAGMAazCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKxXDgSq1++4
| yDSOmXDO5F2gDa1cW2x4USQOxXq5ux4RObhteo9pVOIDi2TfmKMUl9OTNUqfxiTl
| YJtHmBKP7aghWK5Z9p5VBDfbzmAG04tdII49piocKvdimy96veGWnPUGFdovx35k
| dEOT7+NpQTVIDscsIIDa8csQJmuwgdsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBV
| 0KzioJl5tcvpjG2VK/TTpfAdZnz4MZwhg/ThviRtcV3WLVkKbCOh0A1ljCoURgsX
| HIvYXBHn1XdJn4F8HHeh8B53tjwRYkvxg2jGWfKofr0nAu23rbMv3543UroSH6r2
| 3CeLkgsAwFUcXPUfYwae5L48FKlkD5V2TsOhmy8rvg==
|_-----END CERTIFICATE-----
受到 https://gist.github.com/lnattrass/a4a91dbf439fc1719d69f7865c1b1791 的启发,并得到帮助https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/1ef08b76-1594-40cf-8ce0-d2407133dd3d
类似 groovy (java 11) 中的实现,它从 sql server 返回证书链:
groovy sqlserver-cert.groovy <host> <port>