如何从iOS上的EV证书获取组织
我一直在尝试从iOS上的扩展验证SSL证书(EV证书)获取组织信息 我有一个如何从iOS上的EV证书获取组织,ios,ssl,Ios,Ssl,我一直在尝试从iOS上的扩展验证SSL证书(EV证书)获取组织信息 我有一个UIWebClient加载了一个NSURLRequest,但我无法从中找出我应该获得组织信息的原因 为了澄清,当我在我的UIWebClient上加载页面时,我试图从本网站获取“智利桑坦德银行”,如下图所示: 您必须从SecCertificateRef对象中提取它。请查看此线程: 要添加到reecon的答案中,您还需要一个要查找的OID列表。没有标准的EV OID,因此您必须从链接到发行人的已知OID列表中查找匹配的OID
UIWebClient
加载了一个NSURLRequest
,但我无法从中找出我应该获得组织信息的原因
为了澄清,当我在我的UIWebClient
上加载页面时,我试图从本网站获取“智利桑坦德银行”,如下图所示:
您必须从
SecCertificateRef
对象中提取它。请查看此线程:
要添加到reecon的答案中,您还需要一个要查找的OID列表。没有标准的EV OID,因此您必须从链接到发行人的已知OID列表中查找匹配的OID。表明一个发行人的EV的OID并不意味着它是另一个发行人的EV 您可以在找到Chromium的EV OID元数据列表。维基百科在上有一个列表,但我不确定它有多流行
。。。当我加载页面时,我正在尝试从这个网站获取“智利桑坦德银行” 一旦EV OID与发卡机构匹配,您将显示证书中的组织名称(或其他相关字段)(
/O=Banco Santander Chile
如下):
解析证书。由于发行人是Verisign,因此您要查找的OID是2.16.840.1.113733.1.7.23.6
:
$ openssl x509 -in test.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:fb:a1:be:00:e2:96:99:34:a8:b7:5b:90:c9:85:5d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
Validity
Not Before: Aug 27 00:00:00 2013 GMT
Not After : Nov 26 23:59:59 2014 GMT
Subject: 1.3.6.1.4.1.311.60.2.1.3=CL/businessCategory=Private Organization/serialNumber=97036000-K, C=CL, ST=Santiago, L=Santiago, O=Banco Santander Chile, OU=Comercio Electronico, OU=Terms of use at www.verisign.com/rpa (c)05, CN=www.santander.cl
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:25:f4:cd:20:3c:ed:6c:e6:83:3e:13:1b:c0:
98:f8:57:2f:57:01:08:bf:22:df:78:22:5a:37:ea:
16:f9:e4:8f:fa:2a:4b:37:2d:57:37:11:8c:29:db:
e5:06:ba:05:56:f6:0b:3f:ee:55:98:69:41:85:a0:
12:df:5d:9f:09:30:26:7b:70:4b:88:51:05:a5:36:
2e:69:c8:28:14:2e:2d:be:7a:13:07:01:9f:eb:23:
ea:52:11:6b:72:3f:4e:ba:1d:33:b1:8c:f5:d4:e7:
51:f5:f8:5b:86:06:6f:04:02:37:63:b4:6d:e6:a9:
4b:34:c4:05:36:8c:7c:e9:f0:71:84:ef:92:38:72:
b9:8e:b2:a4:9a:ca:a6:95:da:73:ce:bd:c8:f9:0c:
b4:a6:88:c9:e3:b9:a3:34:09:4c:55:3b:ad:ce:5f:
2d:35:47:9c:e9:4d:3b:c4:02:1c:22:6b:16:4a:f3:
50:2a:86:b2:bc:bd:08:fd:cb:f8:f7:80:c5:86:55:
e6:59:e4:c8:79:ba:36:e3:c6:a4:d4:f9:8f:15:20:
89:bc:71:64:ab:b4:7c:9e:28:f1:42:f8:16:46:55:
97:09:de:a9:78:58:27:22:aa:60:a7:88:64:03:fb:
4f:8d:36:01:52:11:47:48:d2:82:2b:de:08:3a:ee:
f0:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.santander.cl
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.6
CPS: https://www.verisign.com/cps
X509v3 CRL Distribution Points:
Full Name:
URI:http://EVIntl-crl.verisign.com/EVIntl2006.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
X509v3 Authority Key Identifier:
keyid:4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
CA Issuers - URI:http://EVIntl-aia.verisign.com/EVIntl2006.cer
Signature Algorithm: sha1WithRSAEncryption
5b:77:fb:a5:82:d8:fa:cc:84:b5:5c:48:86:fc:ea:ad:2b:cb:
0f:9e:6e:3b:e6:e5:4a:52:d7:c6:f1:fd:f9:47:a2:2b:b7:32:
95:4d:bf:74:99:9d:8e:30:3b:71:74:00:3d:59:d5:50:7a:08:
be:de:2b:d1:69:89:9f:fc:28:e8:2d:28:04:1b:33:fe:20:52:
84:bd:7a:ad:5b:30:29:41:d1:a2:cd:53:b0:da:50:df:68:12:
b9:94:6a:5f:32:6f:b5:bb:36:ab:15:81:8d:51:99:bf:4b:5d:
ee:10:7b:24:bf:87:50:97:94:b4:fe:ad:dc:61:8e:a9:49:a2:
04:ad:7f:35:a0:4b:0f:ab:7a:a8:86:33:60:e8:12:09:fe:66:
d5:61:da:a7:69:61:85:26:28:92:39:3a:0c:ec:5c:f8:62:bb:
b5:72:8d:1f:44:ef:64:0a:4b:e9:af:cd:6a:29:5f:ec:f5:82:
45:d9:6f:57:2f:ce:51:a4:f9:2c:0e:02:dd:d5:a1:51:ef:45:
6b:d7:93:55:c6:e0:e1:95:46:b0:7b:fa:cd:05:4b:d9:57:3b:
c6:0b:d7:f4:51:7b:cd:19:cf:6e:a7:22:05:b7:cf:a8:50:c9:
20:6f:be:48:85:40:46:61:0f:40:5b:31:49:af:d6:fb:9a:95:
52:d4:88:1b
$ openssl x509 -in test.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:fb:a1:be:00:e2:96:99:34:a8:b7:5b:90:c9:85:5d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
Validity
Not Before: Aug 27 00:00:00 2013 GMT
Not After : Nov 26 23:59:59 2014 GMT
Subject: 1.3.6.1.4.1.311.60.2.1.3=CL/businessCategory=Private Organization/serialNumber=97036000-K, C=CL, ST=Santiago, L=Santiago, O=Banco Santander Chile, OU=Comercio Electronico, OU=Terms of use at www.verisign.com/rpa (c)05, CN=www.santander.cl
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:25:f4:cd:20:3c:ed:6c:e6:83:3e:13:1b:c0:
98:f8:57:2f:57:01:08:bf:22:df:78:22:5a:37:ea:
16:f9:e4:8f:fa:2a:4b:37:2d:57:37:11:8c:29:db:
e5:06:ba:05:56:f6:0b:3f:ee:55:98:69:41:85:a0:
12:df:5d:9f:09:30:26:7b:70:4b:88:51:05:a5:36:
2e:69:c8:28:14:2e:2d:be:7a:13:07:01:9f:eb:23:
ea:52:11:6b:72:3f:4e:ba:1d:33:b1:8c:f5:d4:e7:
51:f5:f8:5b:86:06:6f:04:02:37:63:b4:6d:e6:a9:
4b:34:c4:05:36:8c:7c:e9:f0:71:84:ef:92:38:72:
b9:8e:b2:a4:9a:ca:a6:95:da:73:ce:bd:c8:f9:0c:
b4:a6:88:c9:e3:b9:a3:34:09:4c:55:3b:ad:ce:5f:
2d:35:47:9c:e9:4d:3b:c4:02:1c:22:6b:16:4a:f3:
50:2a:86:b2:bc:bd:08:fd:cb:f8:f7:80:c5:86:55:
e6:59:e4:c8:79:ba:36:e3:c6:a4:d4:f9:8f:15:20:
89:bc:71:64:ab:b4:7c:9e:28:f1:42:f8:16:46:55:
97:09:de:a9:78:58:27:22:aa:60:a7:88:64:03:fb:
4f:8d:36:01:52:11:47:48:d2:82:2b:de:08:3a:ee:
f0:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.santander.cl
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.6
CPS: https://www.verisign.com/cps
X509v3 CRL Distribution Points:
Full Name:
URI:http://EVIntl-crl.verisign.com/EVIntl2006.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
X509v3 Authority Key Identifier:
keyid:4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
CA Issuers - URI:http://EVIntl-aia.verisign.com/EVIntl2006.cer
Signature Algorithm: sha1WithRSAEncryption
5b:77:fb:a5:82:d8:fa:cc:84:b5:5c:48:86:fc:ea:ad:2b:cb:
0f:9e:6e:3b:e6:e5:4a:52:d7:c6:f1:fd:f9:47:a2:2b:b7:32:
95:4d:bf:74:99:9d:8e:30:3b:71:74:00:3d:59:d5:50:7a:08:
be:de:2b:d1:69:89:9f:fc:28:e8:2d:28:04:1b:33:fe:20:52:
84:bd:7a:ad:5b:30:29:41:d1:a2:cd:53:b0:da:50:df:68:12:
b9:94:6a:5f:32:6f:b5:bb:36:ab:15:81:8d:51:99:bf:4b:5d:
ee:10:7b:24:bf:87:50:97:94:b4:fe:ad:dc:61:8e:a9:49:a2:
04:ad:7f:35:a0:4b:0f:ab:7a:a8:86:33:60:e8:12:09:fe:66:
d5:61:da:a7:69:61:85:26:28:92:39:3a:0c:ec:5c:f8:62:bb:
b5:72:8d:1f:44:ef:64:0a:4b:e9:af:cd:6a:29:5f:ec:f5:82:
45:d9:6f:57:2f:ce:51:a4:f9:2c:0e:02:dd:d5:a1:51:ef:45:
6b:d7:93:55:c6:e0:e1:95:46:b0:7b:fa:cd:05:4b:d9:57:3b:
c6:0b:d7:f4:51:7b:cd:19:cf:6e:a7:22:05:b7:cf:a8:50:c9:
20:6f:be:48:85:40:46:61:0f:40:5b:31:49:af:d6:fb:9a:95:
52:d4:88:1b