X.509数字证书之吊销客户端证书操作

 未分类  Add comments
3月 212020
 

修改中级CA配置文件

[root@ip-172-31-2-174 ca]# vi intermediate/openssl.cnf

适用于客户端验证服务端证书吊销状态

[ server_cert ]
authorityInfoAccess = OCSP;URI:http://ocsp.iot.com

适用于服务端验证客户端证书吊销状态

[ usr_cert ]
authorityInfoAccess = OCSP;URI:http://ocsp.iot.com

生成OCSP私钥

openssl genrsa -aes256 \
-out intermediate/private/ocsp.iot.com.key.pem 4096

[root@ip-172-31-2-174 ca]# openssl genrsa -aes256 \
> -out intermediate/private/ocsp.iot.com.key.pem 4096
Generating RSA private key, 4096 bit long modulus
...............++
............++
e is 65537 (0x10001)
Enter pass phrase for intermediate/private/ocsp.iot.com.key.pem:
Verifying - Enter pass phrase for intermediate/private/ocsp.iot.com.key.pem:
[root@ip-172-31-2-174 ca]#

生成OCSP CSR文件

openssl req -config intermediate/openssl.cnf -new -sha256 \
-key intermediate/private/ocsp.iot.com.key.pem \
-out intermediate/csr/ocsp.iot.com.csr.pem

[root@ip-172-31-2-174 ca]# openssl req -config intermediate/openssl.cnf -new -sha256 \
> -key intermediate/private/ocsp.iot.com.key.pem \
> -out intermediate/csr/ocsp.iot.com.csr.pem
Enter pass phrase for intermediate/private/ocsp.iot.com.key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name [England]:Guangdong
Locality Name []:Shenzhen
Organization Name [Alice Ltd]:YSWM
Organizational Unit Name []:YSWM Certificate Authority
Common Name []:ocsp.iot.com
Email Address []:
[root@ip-172-31-2-174 ca]#

生成OCSP证书

openssl ca -config intermediate/openssl.cnf \
-extensions ocsp -days 375 -notext -md sha256 \
-in intermediate/csr/ocsp.iot.com.csr.pem \
-out intermediate/certs/ocsp.iot.com.cert.pem

[root@ip-172-31-2-174 ca]# openssl ca -config intermediate/openssl.cnf \
> -extensions ocsp -days 375 -notext -md sha256 \
> -in intermediate/csr/ocsp.iot.com.csr.pem \
> -out intermediate/certs/ocsp.iot.com.cert.pem
Using configuration from intermediate/openssl.cnf
Enter pass phrase for /root/ca/intermediate/private/intermediate.key.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4098 (0x1002)
        Validity
            Not Before: Mar 21 06:17:03 2020 GMT
            Not After : Mar 31 06:17:03 2021 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Guangdong
            localityName              = Shenzhen
            organizationName          = YSWM
            organizationalUnitName    = YSWM Certificate Authority
            commonName                = ocsp.iot.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                B0:F5:53:93:E6:76:AD:F9:2A:87:38:9B:0F:D9:00:AD:77:2E:F1:5B
            X509v3 Authority Key Identifier: 
                keyid:80:81:95:8B:B9:21:57:07:AE:5E:E2:0A:2C:EE:88:2D:B6:DB:EF:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
Certificate is to be certified until Mar 31 06:17:03 2021 GMT (375 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@ip-172-31-2-174 ca]#

验证OCSP证书状态

openssl x509 -in intermediate/certs/ocsp.iot.com.cert.pem \
-text -noout

[root@ip-172-31-2-174 ca]# openssl x509 -in intermediate/certs/ocsp.iot.com.cert.pem \
> -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4098 (0x1002)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, O=YSWM, OU=YSWM Certificate Authority, CN=YSWM Intermediate CA
        Validity
            Not Before: Mar 21 06:17:03 2020 GMT
            Not After : Mar 31 06:17:03 2021 GMT
        Subject: C=CN, ST=Guangdong, L=Shenzhen, O=YSWM, OU=YSWM Certificate Authority, CN=ocsp.iot.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c7:69:7f:2a:6b:ba:96:d9:52:43:88:91:fb:fa:
                    ce:3b:a0:b6:80:e5:1e:29:d4:4e:34:b5:45:c9:ae:
                    88:6a:12:90:cc:de:d3:1c:91:59:7a:84:d3:5c:53:
                    38:2b:e2:d9:47:a2:21:ff:ae:8c:51:03:76:dc:08:
                    44:84:77:e0:ea:34:ca:65:de:25:cd:19:34:70:95:
                    d7:cf:78:01:26:c1:79:f8:89:e2:c0:c3:b5:64:e1:
                    55:6c:ea:63:03:ac:c9:81:c6:33:f0:ad:64:32:6c:
                    5e:94:dc:71:76:9c:dd:7e:d0:a2:df:75:ec:47:6b:
                    22:de:0d:72:1d:a7:79:fa:5e:04:66:68:e9:8b:a2:
                    e4:bc:d6:b6:b9:6d:0d:7c:6b:7b:36:44:38:36:51:
                    a2:72:50:c2:51:66:21:f8:e0:2c:b9:68:2d:c7:75:
                    da:d3:95:ce:c0:33:3e:7c:ba:81:3b:c3:fa:74:29:
                    30:f4:c7:ce:dd:00:cc:27:6c:58:ea:8f:f2:24:f8:
                    09:f5:02:ff:4b:2e:9a:53:47:5b:27:77:29:c3:37:
                    26:4f:2d:1c:c9:c7:be:53:30:01:02:a6:41:b8:77:
                    03:14:a5:69:ef:9d:fe:ce:19:3b:09:25:a6:8e:eb:
                    52:18:9b:a7:88:ab:63:30:31:64:bb:52:13:04:8c:
                    34:cb:13:71:c0:94:6c:dd:fb:3d:8d:a1:d9:65:28:
                    bc:c8:e8:d3:6a:02:ca:50:8b:a9:97:4d:8e:be:c2:
                    04:3d:1f:76:76:96:b6:d2:43:a9:0a:75:4e:f2:e4:
                    39:67:aa:08:7f:75:12:6a:5a:45:36:e4:f9:7b:4e:
                    9e:bd:b8:42:45:95:16:07:42:4c:b9:23:42:04:c3:
                    71:1c:28:40:27:a7:e1:2d:77:fa:b6:56:29:67:e2:
                    e5:10:fc:38:c9:8c:e2:44:19:ae:b5:90:b0:63:1d:
                    76:82:21:93:95:01:2a:ba:7d:76:3e:f1:dc:1d:b8:
                    5c:ec:d2:04:7e:e6:11:a1:76:3f:f3:f1:7d:57:82:
                    77:d5:a8:eb:b0:fb:bb:65:c7:a7:74:ad:36:f5:a8:
                    b5:dc:4a:ba:91:f5:d7:1b:1f:31:4c:d4:e2:b7:35:
                    2b:b8:a5:a8:0a:76:d5:2e:71:dd:66:d4:23:34:87:
                    c5:61:e1:bd:83:df:99:85:42:a0:45:c2:12:90:09:
                    23:f0:f3:4b:f0:19:e4:3a:e5:2b:77:d0:79:5b:02:
                    62:50:03:38:2e:31:d5:c3:56:2b:bc:4a:7f:27:a7:
                    3b:05:80:0f:6f:34:b3:19:60:10:c1:a7:d6:8b:16:
                    ee:41:14:0e:c0:94:4c:9d:79:a0:15:1b:4d:39:fc:
                    f6:14:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                B0:F5:53:93:E6:76:AD:F9:2A:87:38:9B:0F:D9:00:AD:77:2E:F1:5B
            X509v3 Authority Key Identifier: 
                keyid:80:81:95:8B:B9:21:57:07:AE:5E:E2:0A:2C:EE:88:2D:B6:DB:EF:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
    Signature Algorithm: sha256WithRSAEncryption
         08:59:ae:bf:ef:a5:7c:8c:29:5e:0e:d4:ef:ce:84:6f:97:a1:
         0e:a1:5b:1f:00:30:86:93:b3:5d:3c:1c:88:63:09:17:c7:f1:
         a2:d1:40:d4:5d:11:59:36:37:e2:5b:f4:93:69:b9:08:6b:2d:
         dc:b8:55:d4:44:a1:d7:76:7d:e9:21:fa:f2:0d:c5:11:6a:2e:
         33:06:ba:3f:af:72:5b:73:01:d4:1a:1e:df:e8:a6:ac:fb:bc:
         e7:42:c5:c1:5e:96:63:ee:be:23:34:9b:89:12:1b:75:d7:04:
         fb:e0:a0:96:fc:29:54:cd:c2:d3:34:d4:1f:eb:bf:43:68:d3:
         ab:e6:3b:03:73:46:3d:e7:fe:23:63:ec:d7:d7:69:da:d5:67:
         55:b4:ca:20:74:2b:f0:f8:f2:ba:74:48:2f:53:be:7b:a9:e6:
         ce:c8:0a:c9:34:5d:3f:ae:d0:d5:30:87:88:ad:12:56:ee:5a:
         36:f2:96:d0:a4:55:c3:db:c0:1f:3c:3a:b7:e3:a2:d4:ad:91:
         5b:da:f2:51:87:05:46:68:95:97:67:37:02:a0:3c:0c:b2:d4:
         c0:bd:12:c9:c8:04:41:4f:33:32:96:2b:6e:6c:5f:e0:ea:f9:
         ac:ea:b5:58:6e:41:67:19:1f:02:73:20:62:85:6f:35:b5:f2:
         97:1c:33:08:25:d6:f9:eb:2b:aa:aa:cb:91:1c:13:98:cb:9b:
         d6:22:8c:fb:c6:20:ce:18:ce:0d:b8:d5:0b:92:d8:6d:dd:d3:
         a1:95:ad:1b:3e:be:4f:1e:5e:dd:bf:f2:f1:86:60:34:ae:e3:
         19:74:93:b1:42:9b:0e:3f:b8:05:a0:6a:4a:2a:25:63:48:70:
         b0:86:7f:14:90:f9:1c:9a:8a:47:70:29:1d:27:bd:dd:8f:99:
         f7:37:3e:a4:d5:08:83:4d:13:67:29:12:ae:99:25:43:39:9f:
         4c:5f:63:d6:e7:41:f4:d5:d0:68:45:c4:53:c1:25:99:27:00:
         af:4d:86:8e:f1:04:82:9c:b7:dc:6e:df:d5:f9:0c:2a:f4:c2:
         a8:fb:c4:c9:49:fb:c6:dd:0a:1a:be:d4:ef:05:95:1e:0f:d6:
         7b:0a:4e:8d:85:95:46:d7:aa:0c:5f:c4:9c:95:25:47:66:e2:
         d6:5f:43:b5:23:ad:92:bf:f8:8d:6e:3b:d6:37:8f:11:af:0e:
         b3:dd:29:51:34:b5:ae:45:5d:5c:e1:2d:d4:1c:93:fe:f9:da:
         cb:23:82:ad:23:88:3a:82:e6:ed:ab:91:56:58:05:f9:88:a2:
         0c:42:7d:dc:e0:d9:03:e3:51:fa:36:1b:a7:ad:5e:f1:f0:ff:
         53:06:de:c4:3b:6e:76:fd
[root@ip-172-31-2-174 ca]#

查看证书签发列表

[root@ip-172-31-2-174 ca]# cat intermediate/index.txt
V       210321055837Z           1000    unknown /C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
V       200917060403Z           1001    unknown /C=CN/ST=Guangdong/L=Shenzhen/O=MENGNIU/OU=IT/CN=IOTHS0000238
V       210331061703Z           1002    unknown /C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=ocsp.iot.com
[root@ip-172-31-2-174 ca]#

使用OCSP检查客户端证书吊销状态

运行服务端

openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
-index intermediate/index.txt \
-CA intermediate/certs/ca-chain.cert.pem \
-rkey intermediate/private/ocsp.iot.com.key.pem \
-rsigner intermediate/certs/ocsp.iot.com.cert.pem \
-nrequest 1

[root@ip-172-31-2-174 ca]# openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
> -index intermediate/index.txt \
> -CA intermediate/certs/ca-chain.cert.pem \
> -rkey intermediate/private/ocsp.iot.com.key.pem \
> -rsigner intermediate/certs/ocsp.iot.com.cert.pem \
> -nrequest 1
Enter pass phrase for intermediate/private/ocsp.iot.com.key.pem:
Waiting for OCSP client connections...

运行客户端

openssl ocsp -CAfile intermediate/certs/ca-chain.cert.pem \
-url http://127.0.0.1:2560 -resp_text \
-issuer intermediate/certs/intermediate.cert.pem \
-cert intermediate/certs/device.cert.pem

服务端输出

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: BF07CCE36736D257F8D75DE02D5E65E1CB8068F3
          Issuer Key Hash: 8081958BB9215707AE5EE20A2CEE882DB6DBEFEF
          Serial Number: 1001
    Request Extensions:
        OCSP Nonce: 
            0410C85B38CAADFCCAB98072C7F6BF3D6EE1
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = ocsp.iot.com
    Produced At: Mar 21 06:42:58 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: BF07CCE36736D257F8D75DE02D5E65E1CB8068F3
      Issuer Key Hash: 8081958BB9215707AE5EE20A2CEE882DB6DBEFEF
      Serial Number: 1001
    Cert Status: good
    This Update: Mar 21 06:42:58 2020 GMT

    Response Extensions:
        OCSP Nonce: 
            0410C85B38CAADFCCAB98072C7F6BF3D6EE1
    Signature Algorithm: sha256WithRSAEncryption
         51:40:18:da:ef:c5:e3:e6:af:b9:26:6a:19:a8:63:24:f7:4a:
         41:0a:de:88:b4:16:73:7c:3e:7e:af:cb:f6:75:41:eb:19:da:
         55:2a:96:b1:77:d1:98:aa:f8:4a:02:88:4c:5a:1f:03:a6:d4:
         97:1b:4d:cb:4d:98:bc:19:02:6a:b5:be:5e:d0:c2:33:3e:c7:
         5d:b7:63:86:b3:71:8f:63:58:6b:7d:9d:7c:29:0d:52:a4:03:
         b2:ba:7a:da:90:19:93:68:04:ad:8d:66:1b:f0:f6:af:ce:98:
         09:26:88:b6:98:43:0f:e6:6d:32:4d:2d:9a:01:9d:fb:8c:00:
         b2:89:95:c7:2b:c2:aa:e2:ea:b1:75:81:7f:3c:12:fd:8a:a4:
         ae:92:22:9a:70:fe:97:f4:04:4d:8a:dd:ea:9b:11:28:96:cb:
         ff:12:9d:64:76:a8:27:5d:1b:bf:05:66:25:58:8e:8a:2e:cf:
         27:a6:ab:28:c6:ff:13:7c:7a:65:ef:ec:31:b2:da:9b:95:1f:
         c5:b7:72:4e:f6:00:04:ec:74:65:1c:6b:37:ce:46:b1:c5:27:
         91:9f:96:81:40:dd:33:42:05:cf:a1:f7:77:06:12:a3:f3:5e:
         52:58:35:34:25:a8:1e:1e:44:e6:0e:26:13:32:ac:a6:f8:75:
         7f:f9:91:64:1e:73:51:8b:42:3d:d6:25:68:c2:23:c4:63:dd:
         ff:73:50:01:15:af:15:af:0e:91:ed:a4:16:58:c0:f2:31:d3:
         5f:49:83:d4:11:60:9e:15:fd:94:48:1a:21:41:39:d7:57:6b:
         34:3a:97:3f:24:e3:90:62:ab:ec:77:72:7c:ef:35:cd:80:a0:
         8a:b9:6a:66:00:a5:3c:45:da:59:fd:c7:37:53:72:40:9e:33:
         9d:1e:c1:4d:f2:a8:23:ea:57:76:b5:df:67:91:d5:64:fe:d7:
         81:9e:53:36:e1:64:40:39:87:4c:f7:b7:1f:02:a1:71:4e:ea:
         45:42:ab:22:c7:9f:4e:9a:08:3b:95:11:32:eb:16:dd:95:ac:
         11:99:66:ce:4a:a3:0f:9f:f1:16:9b:ff:0e:de:a7:27:4e:70:
         cb:cd:fa:e6:be:79:ff:a3:13:5d:76:2c:1b:3e:d7:bd:19:0f:
         f3:da:12:76:57:3b:98:30:24:eb:95:0e:db:aa:e9:62:d6:89:
         e7:af:80:3e:00:fc:84:fa:3c:6f:3a:8e:9d:60:59:60:5c:76:
         38:1e:73:1f:71:3a:be:2e:a6:f2:ca:1c:ba:2c:36:5f:33:24:
         f0:c9:cb:3f:1f:49:16:fb:63:65:7e:90:47:05:e3:0d:f7:fa:
         c8:59:a5:05:a0:31:00:65
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4098 (0x1002)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, O=YSWM, OU=YSWM Certificate Authority, CN=YSWM Intermediate CA
        Validity
            Not Before: Mar 21 06:17:03 2020 GMT
            Not After : Mar 31 06:17:03 2021 GMT
        Subject: C=CN, ST=Guangdong, L=Shenzhen, O=YSWM, OU=YSWM Certificate Authority, CN=ocsp.iot.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c7:69:7f:2a:6b:ba:96:d9:52:43:88:91:fb:fa:
                    ce:3b:a0:b6:80:e5:1e:29:d4:4e:34:b5:45:c9:ae:
                    88:6a:12:90:cc:de:d3:1c:91:59:7a:84:d3:5c:53:
                    38:2b:e2:d9:47:a2:21:ff:ae:8c:51:03:76:dc:08:
                    44:84:77:e0:ea:34:ca:65:de:25:cd:19:34:70:95:
                    d7:cf:78:01:26:c1:79:f8:89:e2:c0:c3:b5:64:e1:
                    55:6c:ea:63:03:ac:c9:81:c6:33:f0:ad:64:32:6c:
                    5e:94:dc:71:76:9c:dd:7e:d0:a2:df:75:ec:47:6b:
                    22:de:0d:72:1d:a7:79:fa:5e:04:66:68:e9:8b:a2:
                    e4:bc:d6:b6:b9:6d:0d:7c:6b:7b:36:44:38:36:51:
                    a2:72:50:c2:51:66:21:f8:e0:2c:b9:68:2d:c7:75:
                    da:d3:95:ce:c0:33:3e:7c:ba:81:3b:c3:fa:74:29:
                    30:f4:c7:ce:dd:00:cc:27:6c:58:ea:8f:f2:24:f8:
                    09:f5:02:ff:4b:2e:9a:53:47:5b:27:77:29:c3:37:
                    26:4f:2d:1c:c9:c7:be:53:30:01:02:a6:41:b8:77:
                    03:14:a5:69:ef:9d:fe:ce:19:3b:09:25:a6:8e:eb:
                    52:18:9b:a7:88:ab:63:30:31:64:bb:52:13:04:8c:
                    34:cb:13:71:c0:94:6c:dd:fb:3d:8d:a1:d9:65:28:
                    bc:c8:e8:d3:6a:02:ca:50:8b:a9:97:4d:8e:be:c2:
                    04:3d:1f:76:76:96:b6:d2:43:a9:0a:75:4e:f2:e4:
                    39:67:aa:08:7f:75:12:6a:5a:45:36:e4:f9:7b:4e:
                    9e:bd:b8:42:45:95:16:07:42:4c:b9:23:42:04:c3:
                    71:1c:28:40:27:a7:e1:2d:77:fa:b6:56:29:67:e2:
                    e5:10:fc:38:c9:8c:e2:44:19:ae:b5:90:b0:63:1d:
                    76:82:21:93:95:01:2a:ba:7d:76:3e:f1:dc:1d:b8:
                    5c:ec:d2:04:7e:e6:11:a1:76:3f:f3:f1:7d:57:82:
                    77:d5:a8:eb:b0:fb:bb:65:c7:a7:74:ad:36:f5:a8:
                    b5:dc:4a:ba:91:f5:d7:1b:1f:31:4c:d4:e2:b7:35:
                    2b:b8:a5:a8:0a:76:d5:2e:71:dd:66:d4:23:34:87:
                    c5:61:e1:bd:83:df:99:85:42:a0:45:c2:12:90:09:
                    23:f0:f3:4b:f0:19:e4:3a:e5:2b:77:d0:79:5b:02:
                    62:50:03:38:2e:31:d5:c3:56:2b:bc:4a:7f:27:a7:
                    3b:05:80:0f:6f:34:b3:19:60:10:c1:a7:d6:8b:16:
                    ee:41:14:0e:c0:94:4c:9d:79:a0:15:1b:4d:39:fc:
                    f6:14:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                B0:F5:53:93:E6:76:AD:F9:2A:87:38:9B:0F:D9:00:AD:77:2E:F1:5B
            X509v3 Authority Key Identifier: 
                keyid:80:81:95:8B:B9:21:57:07:AE:5E:E2:0A:2C:EE:88:2D:B6:DB:EF:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
    Signature Algorithm: sha256WithRSAEncryption
         08:59:ae:bf:ef:a5:7c:8c:29:5e:0e:d4:ef:ce:84:6f:97:a1:
         0e:a1:5b:1f:00:30:86:93:b3:5d:3c:1c:88:63:09:17:c7:f1:
         a2:d1:40:d4:5d:11:59:36:37:e2:5b:f4:93:69:b9:08:6b:2d:
         dc:b8:55:d4:44:a1:d7:76:7d:e9:21:fa:f2:0d:c5:11:6a:2e:
         33:06:ba:3f:af:72:5b:73:01:d4:1a:1e:df:e8:a6:ac:fb:bc:
         e7:42:c5:c1:5e:96:63:ee:be:23:34:9b:89:12:1b:75:d7:04:
         fb:e0:a0:96:fc:29:54:cd:c2:d3:34:d4:1f:eb:bf:43:68:d3:
         ab:e6:3b:03:73:46:3d:e7:fe:23:63:ec:d7:d7:69:da:d5:67:
         55:b4:ca:20:74:2b:f0:f8:f2:ba:74:48:2f:53:be:7b:a9:e6:
         ce:c8:0a:c9:34:5d:3f:ae:d0:d5:30:87:88:ad:12:56:ee:5a:
         36:f2:96:d0:a4:55:c3:db:c0:1f:3c:3a:b7:e3:a2:d4:ad:91:
         5b:da:f2:51:87:05:46:68:95:97:67:37:02:a0:3c:0c:b2:d4:
         c0:bd:12:c9:c8:04:41:4f:33:32:96:2b:6e:6c:5f:e0:ea:f9:
         ac:ea:b5:58:6e:41:67:19:1f:02:73:20:62:85:6f:35:b5:f2:
         97:1c:33:08:25:d6:f9:eb:2b:aa:aa:cb:91:1c:13:98:cb:9b:
         d6:22:8c:fb:c6:20:ce:18:ce:0d:b8:d5:0b:92:d8:6d:dd:d3:
         a1:95:ad:1b:3e:be:4f:1e:5e:dd:bf:f2:f1:86:60:34:ae:e3:
         19:74:93:b1:42:9b:0e:3f:b8:05:a0:6a:4a:2a:25:63:48:70:
         b0:86:7f:14:90:f9:1c:9a:8a:47:70:29:1d:27:bd:dd:8f:99:
         f7:37:3e:a4:d5:08:83:4d:13:67:29:12:ae:99:25:43:39:9f:
         4c:5f:63:d6:e7:41:f4:d5:d0:68:45:c4:53:c1:25:99:27:00:
         af:4d:86:8e:f1:04:82:9c:b7:dc:6e:df:d5:f9:0c:2a:f4:c2:
         a8:fb:c4:c9:49:fb:c6:dd:0a:1a:be:d4:ef:05:95:1e:0f:d6:
         7b:0a:4e:8d:85:95:46:d7:aa:0c:5f:c4:9c:95:25:47:66:e2:
         d6:5f:43:b5:23:ad:92:bf:f8:8d:6e:3b:d6:37:8f:11:af:0e:
         b3:dd:29:51:34:b5:ae:45:5d:5c:e1:2d:d4:1c:93:fe:f9:da:
         cb:23:82:ad:23:88:3a:82:e6:ed:ab:91:56:58:05:f9:88:a2:
         0c:42:7d:dc:e0:d9:03:e3:51:fa:36:1b:a7:ad:5e:f1:f0:ff:
         53:06:de:c4:3b:6e:76:fd
-----BEGIN CERTIFICATE-----
MIIF5DCCA8ygAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX
TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp
YXRlIENBMB4XDTIwMDMyMTA2MTcwM1oXDTIxMDMzMTA2MTcwM1owfzELMAkGA1UE
BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL
BgNVBAoMBFlTV00xIzAhBgNVBAsMGllTV00gQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MRUwEwYDVQQDDAxvY3NwLmlvdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDHaX8qa7qW2VJDiJH7+s47oLaA5R4p1E40tUXJrohqEpDM3tMckVl6
hNNcUzgr4tlHoiH/roxRA3bcCESEd+DqNMpl3iXNGTRwldfPeAEmwXn4ieLAw7Vk
4VVs6mMDrMmBxjPwrWQybF6U3HF2nN1+0KLfdexHayLeDXIdp3n6XgRmaOmLouS8
1ra5bQ18a3s2RDg2UaJyUMJRZiH44Cy5aC3HddrTlc7AMz58uoE7w/p0KTD0x87d
AMwnbFjqj/Ik+An1Av9LLppTR1sndynDNyZPLRzJx75TMAECpkG4dwMUpWnvnf7O
GTsJJaaO61IYm6eIq2MwMWS7UhMEjDTLE3HAlGzd+z2NodllKLzI6NNqAspQi6mX
TY6+wgQ9H3Z2lrbSQ6kKdU7y5Dlnqgh/dRJqWkU25Pl7Tp69uEJFlRYHQky5I0IE
w3EcKEAnp+Etd/q2Viln4uUQ/DjJjOJEGa61kLBjHXaCIZOVASq6fXY+8dwduFzs
0gR+5hGhdj/z8X1XgnfVqOuw+7tlx6d0rTb1qLXcSrqR9dcbHzFM1OK3NSu4pagK
dtUucd1m1CM0h8Vh4b2D35mFQqBFwhKQCSPw80vwGeQ65St30HlbAmJQAzguMdXD
Viu8Sn8npzsFgA9vNLMZYBDBp9aLFu5BFA7AlEydeaAVG005/PYU2QIDAQABo3Uw
czAJBgNVHRMEAjAAMB0GA1UdDgQWBBSw9VOT5nat+SqHOJsP2QCtdy7xWzAfBgNV
HSMEGDAWgBSAgZWLuSFXB65e4gos7ogtttvv7zAOBgNVHQ8BAf8EBAMCB4AwFgYD
VR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAAhZrr/vpXyM
KV4O1O/OhG+XoQ6hWx8AMIaTs108HIhjCRfH8aLRQNRdEVk2N+Jb9JNpuQhrLdy4
VdREodd2fekh+vINxRFqLjMGuj+vcltzAdQaHt/opqz7vOdCxcFelmPuviM0m4kS
G3XXBPvgoJb8KVTNwtM01B/rv0No06vmOwNzRj3n/iNj7NfXadrVZ1W0yiB0K/D4
8rp0SC9Tvnup5s7ICsk0XT+u0NUwh4itElbuWjbyltCkVcPbwB88OrfjotStkVva
8lGHBUZolZdnNwKgPAyy1MC9EsnIBEFPMzKWK25sX+Dq+azqtVhuQWcZHwJzIGKF
bzW18pccMwgl1vnrK6qqy5EcE5jLm9YijPvGIM4Yzg241QuS2G3d06GVrRs+vk8e
Xt2/8vGGYDSu4xl0k7FCmw4/uAWgakoqJWNIcLCGfxSQ+RyaikdwKR0nvd2Pmfc3
PqTVCINNE2cpEq6ZJUM5n0xfY9bnQfTV0GhFxFPBJZknAK9Nho7xBIKct9xu39X5
DCr0wqj7xMlJ+8bdChq+1O8FlR4P1nsKTo2FlUbXqgxfxJyVJUdm4tZfQ7UjrZK/
+I1uO9Y3jxGvDrPdKVE0ta5FXVzhLdQck/752ssjgq0jiDqC5u2rkVZYBfmIogxC
fdzg2QPjUfo2G6etXvHw/1MG3sQ7bnb9
-----END CERTIFICATE-----

客户端输出

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = ocsp.iot.com
    Produced At: Mar 21 06:42:58 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: BF07CCE36736D257F8D75DE02D5E65E1CB8068F3
      Issuer Key Hash: 8081958BB9215707AE5EE20A2CEE882DB6DBEFEF
      Serial Number: 1001
    Cert Status: good
    This Update: Mar 21 06:42:58 2020 GMT

    Response Extensions:
        OCSP Nonce: 
            0410C85B38CAADFCCAB98072C7F6BF3D6EE1
    Signature Algorithm: sha256WithRSAEncryption
         51:40:18:da:ef:c5:e3:e6:af:b9:26:6a:19:a8:63:24:f7:4a:
         41:0a:de:88:b4:16:73:7c:3e:7e:af:cb:f6:75:41:eb:19:da:
         55:2a:96:b1:77:d1:98:aa:f8:4a:02:88:4c:5a:1f:03:a6:d4:
         97:1b:4d:cb:4d:98:bc:19:02:6a:b5:be:5e:d0:c2:33:3e:c7:
         5d:b7:63:86:b3:71:8f:63:58:6b:7d:9d:7c:29:0d:52:a4:03:
         b2:ba:7a:da:90:19:93:68:04:ad:8d:66:1b:f0:f6:af:ce:98:
         09:26:88:b6:98:43:0f:e6:6d:32:4d:2d:9a:01:9d:fb:8c:00:
         b2:89:95:c7:2b:c2:aa:e2:ea:b1:75:81:7f:3c:12:fd:8a:a4:
         ae:92:22:9a:70:fe:97:f4:04:4d:8a:dd:ea:9b:11:28:96:cb:
         ff:12:9d:64:76:a8:27:5d:1b:bf:05:66:25:58:8e:8a:2e:cf:
         27:a6:ab:28:c6:ff:13:7c:7a:65:ef:ec:31:b2:da:9b:95:1f:
         c5:b7:72:4e:f6:00:04:ec:74:65:1c:6b:37:ce:46:b1:c5:27:
         91:9f:96:81:40:dd:33:42:05:cf:a1:f7:77:06:12:a3:f3:5e:
         52:58:35:34:25:a8:1e:1e:44:e6:0e:26:13:32:ac:a6:f8:75:
         7f:f9:91:64:1e:73:51:8b:42:3d:d6:25:68:c2:23:c4:63:dd:
         ff:73:50:01:15:af:15:af:0e:91:ed:a4:16:58:c0:f2:31:d3:
         5f:49:83:d4:11:60:9e:15:fd:94:48:1a:21:41:39:d7:57:6b:
         34:3a:97:3f:24:e3:90:62:ab:ec:77:72:7c:ef:35:cd:80:a0:
         8a:b9:6a:66:00:a5:3c:45:da:59:fd:c7:37:53:72:40:9e:33:
         9d:1e:c1:4d:f2:a8:23:ea:57:76:b5:df:67:91:d5:64:fe:d7:
         81:9e:53:36:e1:64:40:39:87:4c:f7:b7:1f:02:a1:71:4e:ea:
         45:42:ab:22:c7:9f:4e:9a:08:3b:95:11:32:eb:16:dd:95:ac:
         11:99:66:ce:4a:a3:0f:9f:f1:16:9b:ff:0e:de:a7:27:4e:70:
         cb:cd:fa:e6:be:79:ff:a3:13:5d:76:2c:1b:3e:d7:bd:19:0f:
         f3:da:12:76:57:3b:98:30:24:eb:95:0e:db:aa:e9:62:d6:89:
         e7:af:80:3e:00:fc:84:fa:3c:6f:3a:8e:9d:60:59:60:5c:76:
         38:1e:73:1f:71:3a:be:2e:a6:f2:ca:1c:ba:2c:36:5f:33:24:
         f0:c9:cb:3f:1f:49:16:fb:63:65:7e:90:47:05:e3:0d:f7:fa:
         c8:59:a5:05:a0:31:00:65
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4098 (0x1002)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, O=YSWM, OU=YSWM Certificate Authority, CN=YSWM Intermediate CA
        Validity
            Not Before: Mar 21 06:17:03 2020 GMT
            Not After : Mar 31 06:17:03 2021 GMT
        Subject: C=CN, ST=Guangdong, L=Shenzhen, O=YSWM, OU=YSWM Certificate Authority, CN=ocsp.iot.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c7:69:7f:2a:6b:ba:96:d9:52:43:88:91:fb:fa:
                    ce:3b:a0:b6:80:e5:1e:29:d4:4e:34:b5:45:c9:ae:
                    88:6a:12:90:cc:de:d3:1c:91:59:7a:84:d3:5c:53:
                    38:2b:e2:d9:47:a2:21:ff:ae:8c:51:03:76:dc:08:
                    44:84:77:e0:ea:34:ca:65:de:25:cd:19:34:70:95:
                    d7:cf:78:01:26:c1:79:f8:89:e2:c0:c3:b5:64:e1:
                    55:6c:ea:63:03:ac:c9:81:c6:33:f0:ad:64:32:6c:
                    5e:94:dc:71:76:9c:dd:7e:d0:a2:df:75:ec:47:6b:
                    22:de:0d:72:1d:a7:79:fa:5e:04:66:68:e9:8b:a2:
                    e4:bc:d6:b6:b9:6d:0d:7c:6b:7b:36:44:38:36:51:
                    a2:72:50:c2:51:66:21:f8:e0:2c:b9:68:2d:c7:75:
                    da:d3:95:ce:c0:33:3e:7c:ba:81:3b:c3:fa:74:29:
                    30:f4:c7:ce:dd:00:cc:27:6c:58:ea:8f:f2:24:f8:
                    09:f5:02:ff:4b:2e:9a:53:47:5b:27:77:29:c3:37:
                    26:4f:2d:1c:c9:c7:be:53:30:01:02:a6:41:b8:77:
                    03:14:a5:69:ef:9d:fe:ce:19:3b:09:25:a6:8e:eb:
                    52:18:9b:a7:88:ab:63:30:31:64:bb:52:13:04:8c:
                    34:cb:13:71:c0:94:6c:dd:fb:3d:8d:a1:d9:65:28:
                    bc:c8:e8:d3:6a:02:ca:50:8b:a9:97:4d:8e:be:c2:
                    04:3d:1f:76:76:96:b6:d2:43:a9:0a:75:4e:f2:e4:
                    39:67:aa:08:7f:75:12:6a:5a:45:36:e4:f9:7b:4e:
                    9e:bd:b8:42:45:95:16:07:42:4c:b9:23:42:04:c3:
                    71:1c:28:40:27:a7:e1:2d:77:fa:b6:56:29:67:e2:
                    e5:10:fc:38:c9:8c:e2:44:19:ae:b5:90:b0:63:1d:
                    76:82:21:93:95:01:2a:ba:7d:76:3e:f1:dc:1d:b8:
                    5c:ec:d2:04:7e:e6:11:a1:76:3f:f3:f1:7d:57:82:
                    77:d5:a8:eb:b0:fb:bb:65:c7:a7:74:ad:36:f5:a8:
                    b5:dc:4a:ba:91:f5:d7:1b:1f:31:4c:d4:e2:b7:35:
                    2b:b8:a5:a8:0a:76:d5:2e:71:dd:66:d4:23:34:87:
                    c5:61:e1:bd:83:df:99:85:42:a0:45:c2:12:90:09:
                    23:f0:f3:4b:f0:19:e4:3a:e5:2b:77:d0:79:5b:02:
                    62:50:03:38:2e:31:d5:c3:56:2b:bc:4a:7f:27:a7:
                    3b:05:80:0f:6f:34:b3:19:60:10:c1:a7:d6:8b:16:
                    ee:41:14:0e:c0:94:4c:9d:79:a0:15:1b:4d:39:fc:
                    f6:14:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                B0:F5:53:93:E6:76:AD:F9:2A:87:38:9B:0F:D9:00:AD:77:2E:F1:5B
            X509v3 Authority Key Identifier: 
                keyid:80:81:95:8B:B9:21:57:07:AE:5E:E2:0A:2C:EE:88:2D:B6:DB:EF:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
    Signature Algorithm: sha256WithRSAEncryption
         08:59:ae:bf:ef:a5:7c:8c:29:5e:0e:d4:ef:ce:84:6f:97:a1:
         0e:a1:5b:1f:00:30:86:93:b3:5d:3c:1c:88:63:09:17:c7:f1:
         a2:d1:40:d4:5d:11:59:36:37:e2:5b:f4:93:69:b9:08:6b:2d:
         dc:b8:55:d4:44:a1:d7:76:7d:e9:21:fa:f2:0d:c5:11:6a:2e:
         33:06:ba:3f:af:72:5b:73:01:d4:1a:1e:df:e8:a6:ac:fb:bc:
         e7:42:c5:c1:5e:96:63:ee:be:23:34:9b:89:12:1b:75:d7:04:
         fb:e0:a0:96:fc:29:54:cd:c2:d3:34:d4:1f:eb:bf:43:68:d3:
         ab:e6:3b:03:73:46:3d:e7:fe:23:63:ec:d7:d7:69:da:d5:67:
         55:b4:ca:20:74:2b:f0:f8:f2:ba:74:48:2f:53:be:7b:a9:e6:
         ce:c8:0a:c9:34:5d:3f:ae:d0:d5:30:87:88:ad:12:56:ee:5a:
         36:f2:96:d0:a4:55:c3:db:c0:1f:3c:3a:b7:e3:a2:d4:ad:91:
         5b:da:f2:51:87:05:46:68:95:97:67:37:02:a0:3c:0c:b2:d4:
         c0:bd:12:c9:c8:04:41:4f:33:32:96:2b:6e:6c:5f:e0:ea:f9:
         ac:ea:b5:58:6e:41:67:19:1f:02:73:20:62:85:6f:35:b5:f2:
         97:1c:33:08:25:d6:f9:eb:2b:aa:aa:cb:91:1c:13:98:cb:9b:
         d6:22:8c:fb:c6:20:ce:18:ce:0d:b8:d5:0b:92:d8:6d:dd:d3:
         a1:95:ad:1b:3e:be:4f:1e:5e:dd:bf:f2:f1:86:60:34:ae:e3:
         19:74:93:b1:42:9b:0e:3f:b8:05:a0:6a:4a:2a:25:63:48:70:
         b0:86:7f:14:90:f9:1c:9a:8a:47:70:29:1d:27:bd:dd:8f:99:
         f7:37:3e:a4:d5:08:83:4d:13:67:29:12:ae:99:25:43:39:9f:
         4c:5f:63:d6:e7:41:f4:d5:d0:68:45:c4:53:c1:25:99:27:00:
         af:4d:86:8e:f1:04:82:9c:b7:dc:6e:df:d5:f9:0c:2a:f4:c2:
         a8:fb:c4:c9:49:fb:c6:dd:0a:1a:be:d4:ef:05:95:1e:0f:d6:
         7b:0a:4e:8d:85:95:46:d7:aa:0c:5f:c4:9c:95:25:47:66:e2:
         d6:5f:43:b5:23:ad:92:bf:f8:8d:6e:3b:d6:37:8f:11:af:0e:
         b3:dd:29:51:34:b5:ae:45:5d:5c:e1:2d:d4:1c:93:fe:f9:da:
         cb:23:82:ad:23:88:3a:82:e6:ed:ab:91:56:58:05:f9:88:a2:
         0c:42:7d:dc:e0:d9:03:e3:51:fa:36:1b:a7:ad:5e:f1:f0:ff:
         53:06:de:c4:3b:6e:76:fd
-----BEGIN CERTIFICATE-----
MIIF5DCCA8ygAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX
TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp
YXRlIENBMB4XDTIwMDMyMTA2MTcwM1oXDTIxMDMzMTA2MTcwM1owfzELMAkGA1UE
BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL
BgNVBAoMBFlTV00xIzAhBgNVBAsMGllTV00gQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MRUwEwYDVQQDDAxvY3NwLmlvdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDHaX8qa7qW2VJDiJH7+s47oLaA5R4p1E40tUXJrohqEpDM3tMckVl6
hNNcUzgr4tlHoiH/roxRA3bcCESEd+DqNMpl3iXNGTRwldfPeAEmwXn4ieLAw7Vk
4VVs6mMDrMmBxjPwrWQybF6U3HF2nN1+0KLfdexHayLeDXIdp3n6XgRmaOmLouS8
1ra5bQ18a3s2RDg2UaJyUMJRZiH44Cy5aC3HddrTlc7AMz58uoE7w/p0KTD0x87d
AMwnbFjqj/Ik+An1Av9LLppTR1sndynDNyZPLRzJx75TMAECpkG4dwMUpWnvnf7O
GTsJJaaO61IYm6eIq2MwMWS7UhMEjDTLE3HAlGzd+z2NodllKLzI6NNqAspQi6mX
TY6+wgQ9H3Z2lrbSQ6kKdU7y5Dlnqgh/dRJqWkU25Pl7Tp69uEJFlRYHQky5I0IE
w3EcKEAnp+Etd/q2Viln4uUQ/DjJjOJEGa61kLBjHXaCIZOVASq6fXY+8dwduFzs
0gR+5hGhdj/z8X1XgnfVqOuw+7tlx6d0rTb1qLXcSrqR9dcbHzFM1OK3NSu4pagK
dtUucd1m1CM0h8Vh4b2D35mFQqBFwhKQCSPw80vwGeQ65St30HlbAmJQAzguMdXD
Viu8Sn8npzsFgA9vNLMZYBDBp9aLFu5BFA7AlEydeaAVG005/PYU2QIDAQABo3Uw
czAJBgNVHRMEAjAAMB0GA1UdDgQWBBSw9VOT5nat+SqHOJsP2QCtdy7xWzAfBgNV
HSMEGDAWgBSAgZWLuSFXB65e4gos7ogtttvv7zAOBgNVHQ8BAf8EBAMCB4AwFgYD
VR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAAhZrr/vpXyM
KV4O1O/OhG+XoQ6hWx8AMIaTs108HIhjCRfH8aLRQNRdEVk2N+Jb9JNpuQhrLdy4
VdREodd2fekh+vINxRFqLjMGuj+vcltzAdQaHt/opqz7vOdCxcFelmPuviM0m4kS
G3XXBPvgoJb8KVTNwtM01B/rv0No06vmOwNzRj3n/iNj7NfXadrVZ1W0yiB0K/D4
8rp0SC9Tvnup5s7ICsk0XT+u0NUwh4itElbuWjbyltCkVcPbwB88OrfjotStkVva
8lGHBUZolZdnNwKgPAyy1MC9EsnIBEFPMzKWK25sX+Dq+azqtVhuQWcZHwJzIGKF
bzW18pccMwgl1vnrK6qqy5EcE5jLm9YijPvGIM4Yzg241QuS2G3d06GVrRs+vk8e
Xt2/8vGGYDSu4xl0k7FCmw4/uAWgakoqJWNIcLCGfxSQ+RyaikdwKR0nvd2Pmfc3
PqTVCINNE2cpEq6ZJUM5n0xfY9bnQfTV0GhFxFPBJZknAK9Nho7xBIKct9xu39X5
DCr0wqj7xMlJ+8bdChq+1O8FlR4P1nsKTo2FlUbXqgxfxJyVJUdm4tZfQ7UjrZK/
+I1uO9Y3jxGvDrPdKVE0ta5FXVzhLdQck/752ssjgq0jiDqC5u2rkVZYBfmIogxC
fdzg2QPjUfo2G6etXvHw/1MG3sQ7bnb9
-----END CERTIFICATE-----
Response verify OK
intermediate/certs/device.cert.pem: good
        This Update: Mar 21 06:42:58 2020 GMT

吊销客户端证书

openssl ca -config intermediate/openssl.cnf \
-revoke intermediate/certs/device.cert.pem

[root@ip-172-31-2-174 ca]# openssl ca -config intermediate/openssl.cnf \
> -revoke intermediate/certs/device.cert.pem
Using configuration from intermediate/openssl.cnf
Enter pass phrase for /root/ca/intermediate/private/intermediate.key.pem:
Revoking Certificate 1001.
Data Base Updated
[root@ip-172-31-2-174 ca]#

查看证书签发列表

[root@ip-172-31-2-174 ca]# cat intermediate/index.txt
V       210321055837Z           1000    unknown /C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com
R       200917060403Z   200321064519Z   1001    unknown /C=CN/ST=Guangdong/L=Shenzhen/O=MENGNIU/OU=IT/CN=IOTHS0000238
V       210331061703Z           1002    unknown /C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=ocsp.iot.com
[root@ip-172-31-2-174 ca]#

再次使用OCSP检查测试客户端证书吊销状态

服务端输出

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: BF07CCE36736D257F8D75DE02D5E65E1CB8068F3
          Issuer Key Hash: 8081958BB9215707AE5EE20A2CEE882DB6DBEFEF
          Serial Number: 1001
    Request Extensions:
        OCSP Nonce: 
            0410DC75A083910B1B7697B71CCAA816DC85
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = ocsp.iot.com
    Produced At: Mar 21 06:46:58 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: BF07CCE36736D257F8D75DE02D5E65E1CB8068F3
      Issuer Key Hash: 8081958BB9215707AE5EE20A2CEE882DB6DBEFEF
      Serial Number: 1001
    Cert Status: revoked
    Revocation Time: Mar 21 06:45:19 2020 GMT
    This Update: Mar 21 06:46:58 2020 GMT

    Response Extensions:
        OCSP Nonce: 
            0410DC75A083910B1B7697B71CCAA816DC85
    Signature Algorithm: sha256WithRSAEncryption
         9a:87:82:dc:24:3e:4a:a3:1a:16:16:42:70:c7:6d:98:6a:6c:
         3c:d2:a1:a1:13:49:59:26:65:a9:b7:fe:fa:aa:88:70:7a:cb:
         7a:b5:cf:fb:ad:fb:3d:59:30:34:ae:34:e5:95:38:fa:29:1a:
         ce:aa:5f:94:1a:fe:70:15:ec:ae:7e:4a:01:f5:38:ea:9c:57:
         60:af:d3:b7:d4:e1:29:19:78:08:a1:62:b4:8f:0f:89:2f:9d:
         8a:b4:0e:74:44:ba:81:29:1e:9d:03:25:ba:9d:55:78:32:73:
         46:3b:41:6a:9b:94:35:eb:c2:2d:cd:2c:2d:89:86:86:7d:cd:
         7a:c6:3e:8e:c3:e1:c6:5e:40:69:fe:0f:a6:9b:3a:18:c7:39:
         c9:34:5e:31:cf:9b:b2:cf:fa:04:17:f1:a1:33:0f:7c:87:ae:
         ad:19:da:bf:25:1b:da:b2:ee:e9:f5:df:49:7c:24:02:10:2d:
         c5:51:a8:b7:ac:7d:78:58:76:bd:33:d2:f7:b4:7b:87:27:74:
         0b:d9:78:e1:70:6e:30:b7:4e:d8:1f:45:87:35:89:d7:2a:65:
         41:18:16:82:03:6a:3a:e1:ba:bb:8c:d8:a6:7a:f9:39:f4:ba:
         30:56:90:dd:ac:16:f2:1e:53:b7:40:24:95:95:44:71:a3:56:
         c9:f7:fa:f0:54:bc:99:87:7f:35:37:6f:a4:46:dc:e5:b1:e2:
         a4:d3:e8:2a:10:a2:97:72:c8:f3:1c:6c:58:e5:65:60:a4:2f:
         9a:8d:43:6e:a7:3e:dc:d1:cc:c8:e2:8f:7d:b9:df:17:cf:f8:
         aa:3d:b3:ab:ef:2e:89:e0:b8:28:96:9e:86:2c:d7:25:fb:98:
         b1:a2:5a:b8:94:84:e9:82:72:1c:7a:c6:4d:cc:14:c7:7e:e6:
         57:8b:7a:ad:53:ef:1e:ce:50:0f:f7:60:c7:67:9b:9b:ef:22:
         de:c0:6e:1f:58:13:7d:f0:05:16:f2:0c:c9:58:8c:74:cc:93:
         56:6d:07:e1:be:2f:3e:c5:4a:1c:ed:4e:d5:da:bb:b8:73:09:
         7d:c8:69:9b:e7:0b:4e:37:a9:95:8d:47:a9:8b:3a:eb:ff:de:
         dc:5b:30:ce:51:60:f5:12:b0:dd:22:61:af:40:5d:bb:89:89:
         cc:73:c0:02:a1:da:8b:6b:02:ee:43:6c:33:cc:14:f0:15:a1:
         60:04:71:f7:70:34:ea:c3:d3:6b:0f:fc:90:b3:b0:2b:3d:01:
         ce:26:63:3e:c0:a7:bd:c5:74:9f:b6:47:6b:ac:28:8d:87:b4:
         6d:4c:09:09:4c:66:d2:71:00:f1:be:25:58:30:cc:a5:8e:22:
         5a:00:4b:19:3e:68:15:ea
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4098 (0x1002)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, O=YSWM, OU=YSWM Certificate Authority, CN=YSWM Intermediate CA
        Validity
            Not Before: Mar 21 06:17:03 2020 GMT
            Not After : Mar 31 06:17:03 2021 GMT
        Subject: C=CN, ST=Guangdong, L=Shenzhen, O=YSWM, OU=YSWM Certificate Authority, CN=ocsp.iot.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c7:69:7f:2a:6b:ba:96:d9:52:43:88:91:fb:fa:
                    ce:3b:a0:b6:80:e5:1e:29:d4:4e:34:b5:45:c9:ae:
                    88:6a:12:90:cc:de:d3:1c:91:59:7a:84:d3:5c:53:
                    38:2b:e2:d9:47:a2:21:ff:ae:8c:51:03:76:dc:08:
                    44:84:77:e0:ea:34:ca:65:de:25:cd:19:34:70:95:
                    d7:cf:78:01:26:c1:79:f8:89:e2:c0:c3:b5:64:e1:
                    55:6c:ea:63:03:ac:c9:81:c6:33:f0:ad:64:32:6c:
                    5e:94:dc:71:76:9c:dd:7e:d0:a2:df:75:ec:47:6b:
                    22:de:0d:72:1d:a7:79:fa:5e:04:66:68:e9:8b:a2:
                    e4:bc:d6:b6:b9:6d:0d:7c:6b:7b:36:44:38:36:51:
                    a2:72:50:c2:51:66:21:f8:e0:2c:b9:68:2d:c7:75:
                    da:d3:95:ce:c0:33:3e:7c:ba:81:3b:c3:fa:74:29:
                    30:f4:c7:ce:dd:00:cc:27:6c:58:ea:8f:f2:24:f8:
                    09:f5:02:ff:4b:2e:9a:53:47:5b:27:77:29:c3:37:
                    26:4f:2d:1c:c9:c7:be:53:30:01:02:a6:41:b8:77:
                    03:14:a5:69:ef:9d:fe:ce:19:3b:09:25:a6:8e:eb:
                    52:18:9b:a7:88:ab:63:30:31:64:bb:52:13:04:8c:
                    34:cb:13:71:c0:94:6c:dd:fb:3d:8d:a1:d9:65:28:
                    bc:c8:e8:d3:6a:02:ca:50:8b:a9:97:4d:8e:be:c2:
                    04:3d:1f:76:76:96:b6:d2:43:a9:0a:75:4e:f2:e4:
                    39:67:aa:08:7f:75:12:6a:5a:45:36:e4:f9:7b:4e:
                    9e:bd:b8:42:45:95:16:07:42:4c:b9:23:42:04:c3:
                    71:1c:28:40:27:a7:e1:2d:77:fa:b6:56:29:67:e2:
                    e5:10:fc:38:c9:8c:e2:44:19:ae:b5:90:b0:63:1d:
                    76:82:21:93:95:01:2a:ba:7d:76:3e:f1:dc:1d:b8:
                    5c:ec:d2:04:7e:e6:11:a1:76:3f:f3:f1:7d:57:82:
                    77:d5:a8:eb:b0:fb:bb:65:c7:a7:74:ad:36:f5:a8:
                    b5:dc:4a:ba:91:f5:d7:1b:1f:31:4c:d4:e2:b7:35:
                    2b:b8:a5:a8:0a:76:d5:2e:71:dd:66:d4:23:34:87:
                    c5:61:e1:bd:83:df:99:85:42:a0:45:c2:12:90:09:
                    23:f0:f3:4b:f0:19:e4:3a:e5:2b:77:d0:79:5b:02:
                    62:50:03:38:2e:31:d5:c3:56:2b:bc:4a:7f:27:a7:
                    3b:05:80:0f:6f:34:b3:19:60:10:c1:a7:d6:8b:16:
                    ee:41:14:0e:c0:94:4c:9d:79:a0:15:1b:4d:39:fc:
                    f6:14:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                B0:F5:53:93:E6:76:AD:F9:2A:87:38:9B:0F:D9:00:AD:77:2E:F1:5B
            X509v3 Authority Key Identifier: 
                keyid:80:81:95:8B:B9:21:57:07:AE:5E:E2:0A:2C:EE:88:2D:B6:DB:EF:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
    Signature Algorithm: sha256WithRSAEncryption
         08:59:ae:bf:ef:a5:7c:8c:29:5e:0e:d4:ef:ce:84:6f:97:a1:
         0e:a1:5b:1f:00:30:86:93:b3:5d:3c:1c:88:63:09:17:c7:f1:
         a2:d1:40:d4:5d:11:59:36:37:e2:5b:f4:93:69:b9:08:6b:2d:
         dc:b8:55:d4:44:a1:d7:76:7d:e9:21:fa:f2:0d:c5:11:6a:2e:
         33:06:ba:3f:af:72:5b:73:01:d4:1a:1e:df:e8:a6:ac:fb:bc:
         e7:42:c5:c1:5e:96:63:ee:be:23:34:9b:89:12:1b:75:d7:04:
         fb:e0:a0:96:fc:29:54:cd:c2:d3:34:d4:1f:eb:bf:43:68:d3:
         ab:e6:3b:03:73:46:3d:e7:fe:23:63:ec:d7:d7:69:da:d5:67:
         55:b4:ca:20:74:2b:f0:f8:f2:ba:74:48:2f:53:be:7b:a9:e6:
         ce:c8:0a:c9:34:5d:3f:ae:d0:d5:30:87:88:ad:12:56:ee:5a:
         36:f2:96:d0:a4:55:c3:db:c0:1f:3c:3a:b7:e3:a2:d4:ad:91:
         5b:da:f2:51:87:05:46:68:95:97:67:37:02:a0:3c:0c:b2:d4:
         c0:bd:12:c9:c8:04:41:4f:33:32:96:2b:6e:6c:5f:e0:ea:f9:
         ac:ea:b5:58:6e:41:67:19:1f:02:73:20:62:85:6f:35:b5:f2:
         97:1c:33:08:25:d6:f9:eb:2b:aa:aa:cb:91:1c:13:98:cb:9b:
         d6:22:8c:fb:c6:20:ce:18:ce:0d:b8:d5:0b:92:d8:6d:dd:d3:
         a1:95:ad:1b:3e:be:4f:1e:5e:dd:bf:f2:f1:86:60:34:ae:e3:
         19:74:93:b1:42:9b:0e:3f:b8:05:a0:6a:4a:2a:25:63:48:70:
         b0:86:7f:14:90:f9:1c:9a:8a:47:70:29:1d:27:bd:dd:8f:99:
         f7:37:3e:a4:d5:08:83:4d:13:67:29:12:ae:99:25:43:39:9f:
         4c:5f:63:d6:e7:41:f4:d5:d0:68:45:c4:53:c1:25:99:27:00:
         af:4d:86:8e:f1:04:82:9c:b7:dc:6e:df:d5:f9:0c:2a:f4:c2:
         a8:fb:c4:c9:49:fb:c6:dd:0a:1a:be:d4:ef:05:95:1e:0f:d6:
         7b:0a:4e:8d:85:95:46:d7:aa:0c:5f:c4:9c:95:25:47:66:e2:
         d6:5f:43:b5:23:ad:92:bf:f8:8d:6e:3b:d6:37:8f:11:af:0e:
         b3:dd:29:51:34:b5:ae:45:5d:5c:e1:2d:d4:1c:93:fe:f9:da:
         cb:23:82:ad:23:88:3a:82:e6:ed:ab:91:56:58:05:f9:88:a2:
         0c:42:7d:dc:e0:d9:03:e3:51:fa:36:1b:a7:ad:5e:f1:f0:ff:
         53:06:de:c4:3b:6e:76:fd
-----BEGIN CERTIFICATE-----
MIIF5DCCA8ygAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX
TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp
YXRlIENBMB4XDTIwMDMyMTA2MTcwM1oXDTIxMDMzMTA2MTcwM1owfzELMAkGA1UE
BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL
BgNVBAoMBFlTV00xIzAhBgNVBAsMGllTV00gQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MRUwEwYDVQQDDAxvY3NwLmlvdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDHaX8qa7qW2VJDiJH7+s47oLaA5R4p1E40tUXJrohqEpDM3tMckVl6
hNNcUzgr4tlHoiH/roxRA3bcCESEd+DqNMpl3iXNGTRwldfPeAEmwXn4ieLAw7Vk
4VVs6mMDrMmBxjPwrWQybF6U3HF2nN1+0KLfdexHayLeDXIdp3n6XgRmaOmLouS8
1ra5bQ18a3s2RDg2UaJyUMJRZiH44Cy5aC3HddrTlc7AMz58uoE7w/p0KTD0x87d
AMwnbFjqj/Ik+An1Av9LLppTR1sndynDNyZPLRzJx75TMAECpkG4dwMUpWnvnf7O
GTsJJaaO61IYm6eIq2MwMWS7UhMEjDTLE3HAlGzd+z2NodllKLzI6NNqAspQi6mX
TY6+wgQ9H3Z2lrbSQ6kKdU7y5Dlnqgh/dRJqWkU25Pl7Tp69uEJFlRYHQky5I0IE
w3EcKEAnp+Etd/q2Viln4uUQ/DjJjOJEGa61kLBjHXaCIZOVASq6fXY+8dwduFzs
0gR+5hGhdj/z8X1XgnfVqOuw+7tlx6d0rTb1qLXcSrqR9dcbHzFM1OK3NSu4pagK
dtUucd1m1CM0h8Vh4b2D35mFQqBFwhKQCSPw80vwGeQ65St30HlbAmJQAzguMdXD
Viu8Sn8npzsFgA9vNLMZYBDBp9aLFu5BFA7AlEydeaAVG005/PYU2QIDAQABo3Uw
czAJBgNVHRMEAjAAMB0GA1UdDgQWBBSw9VOT5nat+SqHOJsP2QCtdy7xWzAfBgNV
HSMEGDAWgBSAgZWLuSFXB65e4gos7ogtttvv7zAOBgNVHQ8BAf8EBAMCB4AwFgYD
VR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAAhZrr/vpXyM
KV4O1O/OhG+XoQ6hWx8AMIaTs108HIhjCRfH8aLRQNRdEVk2N+Jb9JNpuQhrLdy4
VdREodd2fekh+vINxRFqLjMGuj+vcltzAdQaHt/opqz7vOdCxcFelmPuviM0m4kS
G3XXBPvgoJb8KVTNwtM01B/rv0No06vmOwNzRj3n/iNj7NfXadrVZ1W0yiB0K/D4
8rp0SC9Tvnup5s7ICsk0XT+u0NUwh4itElbuWjbyltCkVcPbwB88OrfjotStkVva
8lGHBUZolZdnNwKgPAyy1MC9EsnIBEFPMzKWK25sX+Dq+azqtVhuQWcZHwJzIGKF
bzW18pccMwgl1vnrK6qqy5EcE5jLm9YijPvGIM4Yzg241QuS2G3d06GVrRs+vk8e
Xt2/8vGGYDSu4xl0k7FCmw4/uAWgakoqJWNIcLCGfxSQ+RyaikdwKR0nvd2Pmfc3
PqTVCINNE2cpEq6ZJUM5n0xfY9bnQfTV0GhFxFPBJZknAK9Nho7xBIKct9xu39X5
DCr0wqj7xMlJ+8bdChq+1O8FlR4P1nsKTo2FlUbXqgxfxJyVJUdm4tZfQ7UjrZK/
+I1uO9Y3jxGvDrPdKVE0ta5FXVzhLdQck/752ssjgq0jiDqC5u2rkVZYBfmIogxC
fdzg2QPjUfo2G6etXvHw/1MG3sQ7bnb9
-----END CERTIFICATE-----

客户端输出

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = ocsp.iot.com
    Produced At: Mar 21 06:46:58 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: BF07CCE36736D257F8D75DE02D5E65E1CB8068F3
      Issuer Key Hash: 8081958BB9215707AE5EE20A2CEE882DB6DBEFEF
      Serial Number: 1001
    Cert Status: revoked
    Revocation Time: Mar 21 06:45:19 2020 GMT
    This Update: Mar 21 06:46:58 2020 GMT

    Response Extensions:
        OCSP Nonce: 
            0410DC75A083910B1B7697B71CCAA816DC85
    Signature Algorithm: sha256WithRSAEncryption
         9a:87:82:dc:24:3e:4a:a3:1a:16:16:42:70:c7:6d:98:6a:6c:
         3c:d2:a1:a1:13:49:59:26:65:a9:b7:fe:fa:aa:88:70:7a:cb:
         7a:b5:cf:fb:ad:fb:3d:59:30:34:ae:34:e5:95:38:fa:29:1a:
         ce:aa:5f:94:1a:fe:70:15:ec:ae:7e:4a:01:f5:38:ea:9c:57:
         60:af:d3:b7:d4:e1:29:19:78:08:a1:62:b4:8f:0f:89:2f:9d:
         8a:b4:0e:74:44:ba:81:29:1e:9d:03:25:ba:9d:55:78:32:73:
         46:3b:41:6a:9b:94:35:eb:c2:2d:cd:2c:2d:89:86:86:7d:cd:
         7a:c6:3e:8e:c3:e1:c6:5e:40:69:fe:0f:a6:9b:3a:18:c7:39:
         c9:34:5e:31:cf:9b:b2:cf:fa:04:17:f1:a1:33:0f:7c:87:ae:
         ad:19:da:bf:25:1b:da:b2:ee:e9:f5:df:49:7c:24:02:10:2d:
         c5:51:a8:b7:ac:7d:78:58:76:bd:33:d2:f7:b4:7b:87:27:74:
         0b:d9:78:e1:70:6e:30:b7:4e:d8:1f:45:87:35:89:d7:2a:65:
         41:18:16:82:03:6a:3a:e1:ba:bb:8c:d8:a6:7a:f9:39:f4:ba:
         30:56:90:dd:ac:16:f2:1e:53:b7:40:24:95:95:44:71:a3:56:
         c9:f7:fa:f0:54:bc:99:87:7f:35:37:6f:a4:46:dc:e5:b1:e2:
         a4:d3:e8:2a:10:a2:97:72:c8:f3:1c:6c:58:e5:65:60:a4:2f:
         9a:8d:43:6e:a7:3e:dc:d1:cc:c8:e2:8f:7d:b9:df:17:cf:f8:
         aa:3d:b3:ab:ef:2e:89:e0:b8:28:96:9e:86:2c:d7:25:fb:98:
         b1:a2:5a:b8:94:84:e9:82:72:1c:7a:c6:4d:cc:14:c7:7e:e6:
         57:8b:7a:ad:53:ef:1e:ce:50:0f:f7:60:c7:67:9b:9b:ef:22:
         de:c0:6e:1f:58:13:7d:f0:05:16:f2:0c:c9:58:8c:74:cc:93:
         56:6d:07:e1:be:2f:3e:c5:4a:1c:ed:4e:d5:da:bb:b8:73:09:
         7d:c8:69:9b:e7:0b:4e:37:a9:95:8d:47:a9:8b:3a:eb:ff:de:
         dc:5b:30:ce:51:60:f5:12:b0:dd:22:61:af:40:5d:bb:89:89:
         cc:73:c0:02:a1:da:8b:6b:02:ee:43:6c:33:cc:14:f0:15:a1:
         60:04:71:f7:70:34:ea:c3:d3:6b:0f:fc:90:b3:b0:2b:3d:01:
         ce:26:63:3e:c0:a7:bd:c5:74:9f:b6:47:6b:ac:28:8d:87:b4:
         6d:4c:09:09:4c:66:d2:71:00:f1:be:25:58:30:cc:a5:8e:22:
         5a:00:4b:19:3e:68:15:ea
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4098 (0x1002)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, O=YSWM, OU=YSWM Certificate Authority, CN=YSWM Intermediate CA
        Validity
            Not Before: Mar 21 06:17:03 2020 GMT
            Not After : Mar 31 06:17:03 2021 GMT
        Subject: C=CN, ST=Guangdong, L=Shenzhen, O=YSWM, OU=YSWM Certificate Authority, CN=ocsp.iot.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:c7:69:7f:2a:6b:ba:96:d9:52:43:88:91:fb:fa:
                    ce:3b:a0:b6:80:e5:1e:29:d4:4e:34:b5:45:c9:ae:
                    88:6a:12:90:cc:de:d3:1c:91:59:7a:84:d3:5c:53:
                    38:2b:e2:d9:47:a2:21:ff:ae:8c:51:03:76:dc:08:
                    44:84:77:e0:ea:34:ca:65:de:25:cd:19:34:70:95:
                    d7:cf:78:01:26:c1:79:f8:89:e2:c0:c3:b5:64:e1:
                    55:6c:ea:63:03:ac:c9:81:c6:33:f0:ad:64:32:6c:
                    5e:94:dc:71:76:9c:dd:7e:d0:a2:df:75:ec:47:6b:
                    22:de:0d:72:1d:a7:79:fa:5e:04:66:68:e9:8b:a2:
                    e4:bc:d6:b6:b9:6d:0d:7c:6b:7b:36:44:38:36:51:
                    a2:72:50:c2:51:66:21:f8:e0:2c:b9:68:2d:c7:75:
                    da:d3:95:ce:c0:33:3e:7c:ba:81:3b:c3:fa:74:29:
                    30:f4:c7:ce:dd:00:cc:27:6c:58:ea:8f:f2:24:f8:
                    09:f5:02:ff:4b:2e:9a:53:47:5b:27:77:29:c3:37:
                    26:4f:2d:1c:c9:c7:be:53:30:01:02:a6:41:b8:77:
                    03:14:a5:69:ef:9d:fe:ce:19:3b:09:25:a6:8e:eb:
                    52:18:9b:a7:88:ab:63:30:31:64:bb:52:13:04:8c:
                    34:cb:13:71:c0:94:6c:dd:fb:3d:8d:a1:d9:65:28:
                    bc:c8:e8:d3:6a:02:ca:50:8b:a9:97:4d:8e:be:c2:
                    04:3d:1f:76:76:96:b6:d2:43:a9:0a:75:4e:f2:e4:
                    39:67:aa:08:7f:75:12:6a:5a:45:36:e4:f9:7b:4e:
                    9e:bd:b8:42:45:95:16:07:42:4c:b9:23:42:04:c3:
                    71:1c:28:40:27:a7:e1:2d:77:fa:b6:56:29:67:e2:
                    e5:10:fc:38:c9:8c:e2:44:19:ae:b5:90:b0:63:1d:
                    76:82:21:93:95:01:2a:ba:7d:76:3e:f1:dc:1d:b8:
                    5c:ec:d2:04:7e:e6:11:a1:76:3f:f3:f1:7d:57:82:
                    77:d5:a8:eb:b0:fb:bb:65:c7:a7:74:ad:36:f5:a8:
                    b5:dc:4a:ba:91:f5:d7:1b:1f:31:4c:d4:e2:b7:35:
                    2b:b8:a5:a8:0a:76:d5:2e:71:dd:66:d4:23:34:87:
                    c5:61:e1:bd:83:df:99:85:42:a0:45:c2:12:90:09:
                    23:f0:f3:4b:f0:19:e4:3a:e5:2b:77:d0:79:5b:02:
                    62:50:03:38:2e:31:d5:c3:56:2b:bc:4a:7f:27:a7:
                    3b:05:80:0f:6f:34:b3:19:60:10:c1:a7:d6:8b:16:
                    ee:41:14:0e:c0:94:4c:9d:79:a0:15:1b:4d:39:fc:
                    f6:14:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                B0:F5:53:93:E6:76:AD:F9:2A:87:38:9B:0F:D9:00:AD:77:2E:F1:5B
            X509v3 Authority Key Identifier: 
                keyid:80:81:95:8B:B9:21:57:07:AE:5E:E2:0A:2C:EE:88:2D:B6:DB:EF:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
    Signature Algorithm: sha256WithRSAEncryption
         08:59:ae:bf:ef:a5:7c:8c:29:5e:0e:d4:ef:ce:84:6f:97:a1:
         0e:a1:5b:1f:00:30:86:93:b3:5d:3c:1c:88:63:09:17:c7:f1:
         a2:d1:40:d4:5d:11:59:36:37:e2:5b:f4:93:69:b9:08:6b:2d:
         dc:b8:55:d4:44:a1:d7:76:7d:e9:21:fa:f2:0d:c5:11:6a:2e:
         33:06:ba:3f:af:72:5b:73:01:d4:1a:1e:df:e8:a6:ac:fb:bc:
         e7:42:c5:c1:5e:96:63:ee:be:23:34:9b:89:12:1b:75:d7:04:
         fb:e0:a0:96:fc:29:54:cd:c2:d3:34:d4:1f:eb:bf:43:68:d3:
         ab:e6:3b:03:73:46:3d:e7:fe:23:63:ec:d7:d7:69:da:d5:67:
         55:b4:ca:20:74:2b:f0:f8:f2:ba:74:48:2f:53:be:7b:a9:e6:
         ce:c8:0a:c9:34:5d:3f:ae:d0:d5:30:87:88:ad:12:56:ee:5a:
         36:f2:96:d0:a4:55:c3:db:c0:1f:3c:3a:b7:e3:a2:d4:ad:91:
         5b:da:f2:51:87:05:46:68:95:97:67:37:02:a0:3c:0c:b2:d4:
         c0:bd:12:c9:c8:04:41:4f:33:32:96:2b:6e:6c:5f:e0:ea:f9:
         ac:ea:b5:58:6e:41:67:19:1f:02:73:20:62:85:6f:35:b5:f2:
         97:1c:33:08:25:d6:f9:eb:2b:aa:aa:cb:91:1c:13:98:cb:9b:
         d6:22:8c:fb:c6:20:ce:18:ce:0d:b8:d5:0b:92:d8:6d:dd:d3:
         a1:95:ad:1b:3e:be:4f:1e:5e:dd:bf:f2:f1:86:60:34:ae:e3:
         19:74:93:b1:42:9b:0e:3f:b8:05:a0:6a:4a:2a:25:63:48:70:
         b0:86:7f:14:90:f9:1c:9a:8a:47:70:29:1d:27:bd:dd:8f:99:
         f7:37:3e:a4:d5:08:83:4d:13:67:29:12:ae:99:25:43:39:9f:
         4c:5f:63:d6:e7:41:f4:d5:d0:68:45:c4:53:c1:25:99:27:00:
         af:4d:86:8e:f1:04:82:9c:b7:dc:6e:df:d5:f9:0c:2a:f4:c2:
         a8:fb:c4:c9:49:fb:c6:dd:0a:1a:be:d4:ef:05:95:1e:0f:d6:
         7b:0a:4e:8d:85:95:46:d7:aa:0c:5f:c4:9c:95:25:47:66:e2:
         d6:5f:43:b5:23:ad:92:bf:f8:8d:6e:3b:d6:37:8f:11:af:0e:
         b3:dd:29:51:34:b5:ae:45:5d:5c:e1:2d:d4:1c:93:fe:f9:da:
         cb:23:82:ad:23:88:3a:82:e6:ed:ab:91:56:58:05:f9:88:a2:
         0c:42:7d:dc:e0:d9:03:e3:51:fa:36:1b:a7:ad:5e:f1:f0:ff:
         53:06:de:c4:3b:6e:76:fd
-----BEGIN CERTIFICATE-----
MIIF5DCCA8ygAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX
TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp
YXRlIENBMB4XDTIwMDMyMTA2MTcwM1oXDTIxMDMzMTA2MTcwM1owfzELMAkGA1UE
BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL
BgNVBAoMBFlTV00xIzAhBgNVBAsMGllTV00gQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MRUwEwYDVQQDDAxvY3NwLmlvdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDHaX8qa7qW2VJDiJH7+s47oLaA5R4p1E40tUXJrohqEpDM3tMckVl6
hNNcUzgr4tlHoiH/roxRA3bcCESEd+DqNMpl3iXNGTRwldfPeAEmwXn4ieLAw7Vk
4VVs6mMDrMmBxjPwrWQybF6U3HF2nN1+0KLfdexHayLeDXIdp3n6XgRmaOmLouS8
1ra5bQ18a3s2RDg2UaJyUMJRZiH44Cy5aC3HddrTlc7AMz58uoE7w/p0KTD0x87d
AMwnbFjqj/Ik+An1Av9LLppTR1sndynDNyZPLRzJx75TMAECpkG4dwMUpWnvnf7O
GTsJJaaO61IYm6eIq2MwMWS7UhMEjDTLE3HAlGzd+z2NodllKLzI6NNqAspQi6mX
TY6+wgQ9H3Z2lrbSQ6kKdU7y5Dlnqgh/dRJqWkU25Pl7Tp69uEJFlRYHQky5I0IE
w3EcKEAnp+Etd/q2Viln4uUQ/DjJjOJEGa61kLBjHXaCIZOVASq6fXY+8dwduFzs
0gR+5hGhdj/z8X1XgnfVqOuw+7tlx6d0rTb1qLXcSrqR9dcbHzFM1OK3NSu4pagK
dtUucd1m1CM0h8Vh4b2D35mFQqBFwhKQCSPw80vwGeQ65St30HlbAmJQAzguMdXD
Viu8Sn8npzsFgA9vNLMZYBDBp9aLFu5BFA7AlEydeaAVG005/PYU2QIDAQABo3Uw
czAJBgNVHRMEAjAAMB0GA1UdDgQWBBSw9VOT5nat+SqHOJsP2QCtdy7xWzAfBgNV
HSMEGDAWgBSAgZWLuSFXB65e4gos7ogtttvv7zAOBgNVHQ8BAf8EBAMCB4AwFgYD
VR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAAhZrr/vpXyM
KV4O1O/OhG+XoQ6hWx8AMIaTs108HIhjCRfH8aLRQNRdEVk2N+Jb9JNpuQhrLdy4
VdREodd2fekh+vINxRFqLjMGuj+vcltzAdQaHt/opqz7vOdCxcFelmPuviM0m4kS
G3XXBPvgoJb8KVTNwtM01B/rv0No06vmOwNzRj3n/iNj7NfXadrVZ1W0yiB0K/D4
8rp0SC9Tvnup5s7ICsk0XT+u0NUwh4itElbuWjbyltCkVcPbwB88OrfjotStkVva
8lGHBUZolZdnNwKgPAyy1MC9EsnIBEFPMzKWK25sX+Dq+azqtVhuQWcZHwJzIGKF
bzW18pccMwgl1vnrK6qqy5EcE5jLm9YijPvGIM4Yzg241QuS2G3d06GVrRs+vk8e
Xt2/8vGGYDSu4xl0k7FCmw4/uAWgakoqJWNIcLCGfxSQ+RyaikdwKR0nvd2Pmfc3
PqTVCINNE2cpEq6ZJUM5n0xfY9bnQfTV0GhFxFPBJZknAK9Nho7xBIKct9xu39X5
DCr0wqj7xMlJ+8bdChq+1O8FlR4P1nsKTo2FlUbXqgxfxJyVJUdm4tZfQ7UjrZK/
+I1uO9Y3jxGvDrPdKVE0ta5FXVzhLdQck/752ssjgq0jiDqC5u2rkVZYBfmIogxC
fdzg2QPjUfo2G6etXvHw/1MG3sQ7bnb9
-----END CERTIFICATE-----
Response verify OK
intermediate/certs/device.cert.pem: revoked
        This Update: Mar 21 06:46:58 2020 GMT
        Revocation Time: Mar 21 06:45:19 2020 GMT

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据