怎样连接EPP服务器

2018年8月17日 | 分类: 【技术】

【证书】

关于epp连接时的SSL证书,他提到是的:用于EPP连接的证书的commonname必须同在注册局登记的一致才可以,也就是证书的域名。比如COM的注册局要求这些。这个证书既可以用来做网站站点证书,也用来和注册局连接。有些注册局会要求申请时提交指定域名,在注册局登记的域名和证书域名要一致。这个域名是可以找注册局改的。目前afilias没有要我提交域名。

这样就好理解了。之前epp连接成功的证书,对应的域名并未在afilias那边备案。仅仅是证书类型列于afilias列出的满足要求的SSL证书列表当中。

参考:https://www.info.info/registrars/registrar-toolkit

【代码】

参考:https://stackoverflow.com/questions/13696779/connecting-to-epp-server-from-local-system
参考:https://stackoverflow.com/questions/8973880/connect-to-epp-server-with-php-using-ssl

<?php
$epp_server = 'ote-console.centralnic.com'; $port = 700; $verify_peer = 0;
//$epp_server = 'epp.ispapi.net'; $port = 1700; $verify_peer = 0;
//$epp_server = 'epp.test.norid.no'; $port = 700; $verify_peer = 0;
//$epp_server = 'epp-test.rotld.ro'; $port = 5555; $verify_peer = 0; // SSLv3
$opts = array(
    'ssl' => array(
    'verify_peer' => $verify_peer,
    'cafile' => "/CAfiles/gd_bundle.crt",
    'local_cert' => "/certs/certificate.cer",
    'passphrase' => 'YourCertificatePasswordHere'
    )
);

$context = stream_context_create($opts);

// TLSv1

$fp = stream_socket_client( "tls://$epp_server:$port", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $context);

// SSLv3
//$fp = stream_socket_client( "sslv3://$epp_server:$port", $errno, $errstr, 1, STREAM_CLIENT_CONNECT, $context);

if (!$fp) {
    echo "$errstr ($errno)<br />\n";
}

else {
    fwrite($fp, "GET / HTTP/1.0\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n");
    while (!feof($fp)) {
        echo fgets($fp, 1024);
    }

    fclose($fp);

}

?>

【测试:epp-ote.centralnic.com:700】

输入:

openssl s_client -connect epp-ote.centralnic.com:700

输出:

CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = COMODO SSL, CN = epp-ote.centralnic.com
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=COMODO SSL/CN=epp-ote.centralnic.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgIRALXrugDQuBH6NrW6bM0Ut8UwDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTcxMDI3MDAwMDAwWhcNMjAwMTA0MjM1OTU5WjBZMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEzARBgNVBAsTCkNPTU9ETyBTU0wxHzAd
BgNVBAMTFmVwcC1vdGUuY2VudHJhbG5pYy5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQLl9m5cLH9ri4PVVDt7eiU3Hh7IifYqHaUec3TqHPDvqG
mcnTu9T3MDREvETVmOHGPOgUpzbwu1R4hcP0/ZieRB5TAODODWH/9fr47qlKx2xA
JzL1JzvuH/F2NgyV/SjaCGMOCvxb7gL/28amwxDL2lfzrAUS4QTTwsQNlrAdNBWG
wsnzfm5uuwQggeFdpjwVDTDWsRjN9/PrskhPZveY3RO0I/nd2oAlJSk+l6Tlz2C9
jDjACUk9HoNRvvQZ0qzWo0CNbzx1T7afpKG1o/LFoAnEZtL6vAYIXgSNCAb3wFGt
qqnAg6+AYfrBYw53Aa1bml7yuaI6P8UOoDwO3rHBAgMBAAGjggHvMIIB6zAfBgNV
HSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUoBMW4SFtYs6j
7lkXK7k3YwdG+3EwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQEC
AgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw
CAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2Eu
Y29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww
gYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9j
YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMD0GA1UdEQQ2
MDSCFmVwcC1vdGUuY2VudHJhbG5pYy5jb22CGnd3dy5lcHAtb3RlLmNlbnRyYWxu
aWMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAKWSI8Qsm8RnUH+mRmSmw/0Y0q/L3T
361/csqpGoM6YnBNHlcfUsUYrgHY+ISLjsrjZ9/6iAKfb6hBu15s8ydNhC3lTj98
ViaAMtcoMJSdRitwM1jfrpeuMa9dGarnCZhgX6UXaGYJKEKU7B519hTfhnTFvL1t
QW/2E2XJohfPPEQu+IucIC6Uw9RGQbhYGSp7mdPVg3n6X412lGOf0iLfBM2QzCUX
KIZ/2MeU01f22vKTebIOSktw+Wdx+qDe5TvKlJoFvc/TEjwDWuw2Yh2oss2vN0e7
w+ls10xQj/NCbFT4x8/NeKNQvC590nra1NEy78so3ojcj9kIgGvR29Z0
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=COMODO SSL/CN=epp-ote.centralnic.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Acceptable client certificate CA names
/C=CN/O=CNNIC/CN=CNNIC ROOT
/C=FR/O=Dhimyotis/CN=Certigna
/O=TeliaSonera/CN=TeliaSonera Root CA v1
/C=ES/O=IZENPE S.A./CN=Izenpe.com
/C=FI/O=Sonera/CN=Sonera Class2 CA
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=RO/O=certSIGN/OU=certSIGN ROOT CA
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/CN=ComSign Secured CA/O=ComSign/C=IL
/CN=Atos TrustedRoot 2011/O=Atos/C=DE
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
/C=TW/O=Government Root Certification Authority
/O=Digital Signature Trust Co./CN=DST Root CA X3
/C=US/O=AffirmTrust/CN=AffirmTrust Premium
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES
/C=DK/O=TDC Internet/OU=TDC Internet Root CA
/C=JP/O=Japanese Government/OU=ApplicationCA
/C=US/O=AffirmTrust/CN=AffirmTrust Commercial
/C=US/O=AffirmTrust/CN=AffirmTrust Networking
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2
/CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
/C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig
/C=US/O=SecureTrust Corporation/CN=Secure Global CA
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R1
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
/C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/emailAddress=pki@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK
/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
/C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 2
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 2
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root EV CA 2
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
/C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA Generalitat Valenciana
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA
/C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA
/C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee
/C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA I
/C=CO/O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A./CN=AC Ra\xC3\xADz Certic\xC3\xA1mara S.A.
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services
/CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3
/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
/C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA
/C=CN/O=China Internet Network Information Center/CN=China Internet Network Information Center EV Certificates Root
/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC
/C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
/C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado
/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
/C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
/emailAddress=contacto@procert.net.ve/L=Chacao/ST=Miranda/OU=Proveedor de Certificados PROCERT/O=Sistema Nacional de Certificacion Electronica/C=VE/CN=PSCProcert
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC
/C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 24065 bytes and written 427 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 62529831470B8FD40179DDC647ACC9FF425F3A07CF1CC3A918857C8635DB2E6A
    Session-ID-ctx:
    Master-Key: CBFBE5E9CD32528E2C8DBCBC541643AA0336B4AEB3C2EF00FFB09A79D13AADFD7DEBD8C944B6690ABCB68E721AEAF418
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 3e c8 4b cd 0a 0c 93 d3-b3 8b 3e 74 24 89 76 a1   >.K.......>t$.v.
    0010 - 25 b3 71 a5 bd 29 7c 5f-2b da 66 c2 2a 7c cd 15   %.q..)|_+.f.*|..
    0020 - be 74 aa f0 ab 23 b6 2f-29 4f b5 18 e4 41 63 e5   .t...#./)O...Ac.
    0030 - 4d fe 66 1a fc 31 01 31-e0 93 b8 d3 dd 37 ca 54   M.f..1.1.....7.T
    0040 - d7 81 e0 9a 90 18 be e3-bb 51 be a9 79 4e c9 29   .........Q..yN.)
    0050 - 1a 06 12 18 62 f1 81 97-3b 67 e5 18 48 ef 8e d0   ....b...;g..H...
    0060 - fb e3 66 cf c6 0a d3 e9-ee 74 5f 36 1a b3 f5 53   ..f......t_6...S
    0070 - a6 05 5c 24 af 1c 44 f9-83 1b 05 6e 8b ab 64 2a   ..\$..D....n..d*
    0080 - 64 61 f9 47 bc 72 92 31-08 76 49 eb a4 9f 3a 36   da.G.r.1.vI...:6
    0090 - f3 e8 2e 22 da 2c 44 4b-bf d5 e9 fb 3c c5 8c 7c   ...".,DK....<..|
    00a0 - 62 27 7b 6f fc 23 f5 48-c5 f7 04 03 20 5f 6c 44   b'{o.#.H.... _lD
    00b0 - e5 f4 ae 19 28 a6 b5 67-df 46 20 16 85 62 f4 1d   ....(..g.F ..b..

    Start Time: 1534496139
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
▒<?xml version="1.0" encoding="UTF-8" standalone="no"?><epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><greeting><svID>CentralNic EPP server EPP-OTE.CENTRALNIC.COM</svID><svDate>2018-08-17T08:55:39.0Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:contact-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI><extURI>urn:ietf:params:xml:ns:idn-1.0</extURI><extURI>urn:ietf:params:xml:ns:fee-0.4</extURI><extURI>urn:ietf:params:xml:ns:fee-0.5</extURI><extURI>urn:ietf:params:xml:ns:launch-1.0</extURI><extURI>urn:ietf:params:xml:ns:regtype-0.1</extURI><extURI>urn:ietf:params:xml:ns:auxcontact-0.1</extURI><extURI>urn:ietf:params:xml:ns:artRecord-0.1</extURI><extURI>http://www.nic.coop/contactCoopExt-1.0</extURI></svcExtension></svcMenu><dcp><access><all></all></access><statement><purpose><admin></admin><prov></prov></purpose><recipient><ours></ours><public></public></recipient><retention><stated></stated></retention></statement></dcp></greeting></epp>

【测试:epp.whois.ai:700】

输入:

openssl s_client -connect epp.whois.ai:700

输出:

CONNECTED(00000003)
depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
verify return:1
depth=1 C = US, O = "thawte, Inc.", OU = Domain Validated SSL, CN = thawte DV SSL CA - G2
verify return:1
depth=0 CN = epp.whois.ai
verify return:1
---
Certificate chain
 0 s:/CN=epp.whois.ai
   i:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2
 1 s:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGbDCCBVSgAwIBAgIQEnysMVX0lo0MVBZPV8k9sjANBgkqhkiG9w0BAQsFADBj
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE
b21haW4gVmFsaWRhdGVkIFNTTDEeMBwGA1UEAxMVdGhhd3RlIERWIFNTTCBDQSAt
IEcyMB4XDTE3MDMyNDAwMDAwMFoXDTIwMDMyMzIzNTk1OVowFzEVMBMGA1UEAwwM
ZXBwLndob2lzLmFpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme4P
rb6IbjTgPH/05aWMz43m/Xx+huRservQmOEQ7cz/hd1UTpZHvH7SvTMPSQTsANRE
JdlqObW8pI3qwa2e1dwZdmLTwkiWF8fq5X+o4K+hrXCe50e9bRdT6/I7kTwVVnjH
0fhBEJMvO890Y7QQ2nPIxP0gjvv4ybJ1rQwI8gf50l1AZ/o/Mrb0zsykdBwLmJZW
WVktVNI4II0mdpTwuydn9BobnAE/IsWyChJVO3HT+EMu+KpekCaqkKO5WL5GsTAn
Jko2GcHFB+TaNmQ8o0+7tIgXd/mvYkIPxlfMrbxLaheyQykkeE2nJkdSEVYC9nDv
X8dN/PCqcjV3vGOggwIDAQABo4IDZjCCA2IwFwYDVR0RBBAwDoIMZXBwLndob2lz
LmFpMAkGA1UdEwQCMAAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3RuLnN5bWNi
LmNvbS90bi5jcmwwbgYDVR0gBGcwZTBjBgZngQwBAgEwWTAmBggrBgEFBQcCARYa
aHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6
Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MB8GA1UdIwQYMBaAFJ+4wals8vXA
IiqU7VyZrNTs18YHMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8v
dG4uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdG4uc3ltY2IuY29tL3Ru
LmNydDCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHeAHUA3esdK3oNT6Ygi4GtgWhw
fi6OnQHVXIiNPRHEzbbsvswAAAFbAFmghQAABAMARjBEAiBjU6XrUrBick0rFM3M
Ij1igfeXezeFqnSSMxbfwogg6wIgFmhhaaX/ieut8fZvPFgRH4JOkhysIgAkL470
oaR2+L4AdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVsAWaDC
AAAEAwBHMEUCID9a8ntBsgM5nCWkKT/Mz0d5aM65Bq5Le1nwkr4XABCNAiEAvzcP
qb/cuwrdivZW+23DdSzss7jbriA/PpUTbIVNk5cAdQDuS723dc5guuFCaR+r4Z5m
ow9+X7By2IMAxHuJeqj9ywAAAVsAWaJ/AAAEAwBGMEQCIQDsd/8sspv64QJs+/LD
v2GzvThCjPgWybe8EVy5vgAauQIfYWkXWAl5LyNibTTSl2nW/TZWD/xyHjODUgJ8
y9kPLQB2ALx44d/F9jxoRkkzTaEPoV8JeWkgCcCBtPP2kX8+2bilAAABWwBZoeUA
AAQDAEcwRQIgfs6+I16mxLPQP+a0IXncdxFwHNnWahmLlv5Z7wIzkL8CIQDV8TTT
r+Sm11Xv5jSNihRKeu+n+JMIskUhw9GvI5RhDDANBgkqhkiG9w0BAQsFAAOCAQEA
Qc2q2D6HurGj4isTwh1fRMQeqIEqRDv8jD6oS62+DF5wADif+nhalFmb2SR+xYJa
yM7/rlS307T6H/YlAgMTqP9Ew2VFX73K2A6Ie45ACAN3RS4pwmZ+4Pi6p7PrERnQ
ytYf1phZRbE8ly0ZXs1lMfJUleiIWfKPm5539DljNoMQDhp12lde+Zi75q5vjDFN
PwEPp6JcrguWSe9zF3HjcGgITmAUTgdE2U2THSknklJmGuTl3domFoIMZah3z3i9
Znp+fiLnyXDpzWtkLgPQdkj+XRDisO3t+WtCcsAu3PmYxPbmTpLiPeUCxfOPbUyy
eihlqt4RXwAlesfohy4L/g==
-----END CERTIFICATE-----
subject=/CN=epp.whois.ai
issuer=/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL CA - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4436 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 5B768D2FCD122E8BF1ED307E0829534ADD053622C075E5DC099E9ED95A465AD3
    Session-ID-ctx:
    Master-Key: AE32C56BF15A2D98AB2E9EA69FDBC1BA8932C81DBF3F0A10E88B61E665DCB7610EC1231B42C66D76088AD83EC2669FDA
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1534496047
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
▒<?xml version="1.0" encoding="UTF-8"?><epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>CoCCA EPP Server - epp.cocca.iors.cx</svID><svDate>2018-08-17T08:54:07.780Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:contact-1.0</objURI><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>urn:ietf:params:xml:ns:auxcontact-0.1</extURI><extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI><extURI>urn:ietf:params:xml:ns:fee-1.0</extURI><extURI>https://production.coccaregistry.net/cocca-activation-1.0</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><prov/></purpose><recipient><ours/><public/></recipient><retention><stated/></retention></statement></dcp></greeting></epp>