Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Wed May 24, 2017 1:08 pm


Tutorials applicable on more than one Unix/Linux OS and shell scripts: ssh / openssl / protocols.

Author Message
LaR3
  Post  Post subject: Openssl s_client command line: connect and diagnose an https server  |  Posted: Wed Aug 26, 2009 3:18 am

Joined: Mon Aug 03, 2009 4:55 pm
Posts: 19

Offline
 

Openssl s_client command line: connect and diagnose an https server

OpenSSL's s_client utility allows one to connect to secure servers that are using SSL/TLS encryption protocols.

Connecting and diagnosting an https server by command line using openssl: openssl s_client -connect yourserver.com:443 -ssl3
Code:
# openssl s_client -connect ivorde.ro:443 -ssl3
CONNECTED(00000003)
depth=0 /C=RO/ST=Bucharest/L=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=RO/ST=Bucharest/L=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=RO/ST=Bucharest/L=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=RO/ST=Bucharest/L=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
   i:/C=RO/ST=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDFTCCAn6gAwIBAgIJAMi0v9PxvYDdMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYD
VQQGEwJSTzESMBAGA1UECBMJQnVjaGFyZXN0MQ8wDQYDVQQKEwZJdm9yZGUxDTAL
BgNVBAsTBE1haWwxFzAVBgNVBAMTDm1haWwuaXZvcmRlLnJvMScwJQYJKoZIhvcN
AQkBFhhhbmRyZWkubWFuZXNjdUBpdm9yZGUucm8wHhcNMDkwNjAxMjAwMTI5WhcN
MTAwNjAxMjAwMTI5WjCBlzELMAkGA1UEBhMCUk8xEjAQBgNVBAgTCUJ1Y2hhcmVz
dDESMBAGA1UEBxMJQnVjaGFyZXN0MQ8wDQYDVQQKEwZJdm9yZGUxDTALBgNVBAsT
BE1haWwxFzAVBgNVBAMTDm1haWwuaXZvcmRlLnJvMScwJQYJKoZIhvcNAQkBFhhh
bmRyZWkubWFuZXNjdUBpdm9yZGUucm8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBALg85CF05u7QvedCdb4oy0+J5/hm8B+PFMgoTPq8cjrfah3zDbsnJaNQqKpY
CR8y2j9lHGvj5bpWCp3WA2h+S4xpzuxk9Thu1dA+DOY24MUXYZyVVJJxAg1CUB/D
ejMFA0oI2X4dyBwotPdp7KdTdgimJtvtrGFK8qRw7tNivL/rAgMBAAGjezB5MAkG
A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBQrnZWcLivne1c6dDhPPkcx4q6amDAfBgNVHSMEGDAW
gBRaCBD20l86o/ix/t3gDarAE36CEDANBgkqhkiG9w0BAQUFAAOBgQB3JEcQ7ugS
C26cVYVcEZiKRcCEoebWlThzOabLW0a+mrv6mHlo+P4fbQILD+bhVET319sXVcQQ
DgcRs7rkPgemrGVuVbkq7KV+kgtKTlJ2K1pgyWLQYgre9Cwi2RspR+NE9WC4n3jR
fNW1eB45wT92ipmmpR8LFfXcB4CSWayc4g==
-----END CERTIFICATE-----
subject=/C=RO/ST=Bucharest/L=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
issuer=/C=RO/ST=Bucharest/O=Ivorde/OU=test/CN=test.ivorde.ro/emailAddress=spam_pool@ivorde.ro
---
No client certificate CA names sent
---
SSL handshake has read 1341 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 672CD285300737D3D5C684ED125684415D7023119E4B2C6EF3A7CE2570F20E1E03CB600E09F66DE5A49A85635BD90849
    Key-Arg   : None
    Start Time: 1251270723
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

Now that the HTTPS connection is established with your server, you can issue normal HTTP commands (as if you were in telnet) to diagnose your https server's problems.

_________________
Humble user
http://www.ivorde.ro





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "Openssl s_client command line: connect and diagnose an https server"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. Invalid command 'AddHandler', perhaps misspelled or defined by a module not included in the server..

debuser

0

2192

Thu Jul 22, 2010 2:30 pm

debuser View the latest post

There are no new unread posts for this topic. Invalid command 'Order', perhaps misspelled or defined by a module not included in the server config

debuser

0

1883

Tue Jan 12, 2010 7:25 am

debuser View the latest post

There are no new unread posts for this topic. How to list OpenSSL supported ciphers

mandrei99

0

748

Fri May 04, 2012 6:14 am

mandrei99 View the latest post

There are no new unread posts for this topic. Openssl: Commandline base64 string encoding

debuser

1

2692

Wed Nov 09, 2011 11:07 am

admin View the latest post

There are no new unread posts for this topic. Vi/Vim - Show line numbers in vi or vim

LaR3

0

427

Thu Oct 01, 2009 5:45 am

LaR3 View the latest post

There are no new unread posts for this topic. Converting ^M characters to Unix new line

debuser

0

314

Sun Jul 18, 2010 11:20 am

debuser View the latest post

There are no new unread posts for this topic. Linux - zip command to archive directory recursive

debuser

1

3808

Sat Aug 04, 2012 8:03 am

Harespok View the latest post

There are no new unread posts for this topic. How to check SSL ciphers used in a web server's configuration ciphersuites

mandrei99

1

8714

Fri May 04, 2012 6:28 am

mandrei99 View the latest post

There are no new unread posts for this topic. Using curl to get the HTTP response from an HTTP server

debuser

3

2165

Tue Dec 06, 2011 9:05 am

admin View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO