andunix.net

User Tools

Site Tools

You are here: andunix.net » Infos » Cryptography » OpenSSL » Debug Server Certificate from Client
Trace: Debug Server Certificate from Client

Sidebar

andunix Infos

Tags

add-on admin android blogging certificate cli coding config country cryptography css database debian design device documentation drupal howto iso java javascript linux list mac mozilla mysql network opensolaris openssl oracle osx programming project reference script scripting security shell solaris sql ssh standard sysadmin tool topic travian virtualbox web webdesign wlan
info:cryptography:openssl:debug_server_certificate_from_client
Please note, that this is an old archived version of this site. Check out the new version at andunix.net!

Debug Server Certificate from Client

Credit for this example goes to “ Checking A Remote Certificate Chain With OpenSSL” from langui.sh. 

openssl s_client -showcerts -connect www.andunix.net:443

Informations about the used arguments from the OpenSSL man page:

  • s_client: SSL/TLS client program
  • -showcerts: display the whole server certificate chain: normally only the server certificate itself is displayed.
  • -connect www.andunix.net:443: This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 443.

Example Output

$ openssl s_client -showcerts -connect www.andunix.net:443
CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.net
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIRAMcY2QMjFj4GndFjFpXVm+0wDQYJKoZIhvcNAQEFBQAw
czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV
BAMTEFBvc2l0aXZlU1NMIENBIDIwHhcNMTMxMDA4MDAwMDAwWhcNMTQxMDA4MjM1
OTU5WjBTMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNV
BAsTC1Bvc2l0aXZlU1NMMRgwFgYDVQQDEw93d3cuYW5kdW5peC5uZXQwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtJusPIYfOy5Y9W/izrGQn3N2hq2NV
UBSbLfoz779vWYIg7eBaEC7YUlS9kGUxEnTlOm5J5pBNbeuajJxjKmBH47at3G2j
5Sd2+CHfqAvhbSFMkX0T5OiFiXmqyXLQMxXw6lqYm7ceo4ozr/5SLGishZeOU8Gw
O23231khOMPtR3SUlvk0524VmVV94wr4wJWFQ/C33WGv688cAoZsxtJp5MCs0/av
1kpiYUwiBrIaKfD38j4X2xU2HZ3ITi7dxO6PDGekkhGakPTWH0VBrzHcbOBEEy3Z
louCqoUs8ji6HX3O9QV56xZwLKnL0CEDZ7vZp8joMP1d5Qza5XMD2koDAgMBAAGj
ggGnMIIBozAfBgNVHSMEGDAWgBSZ5EBfaxRePgXZ3dNjVPxiuPcArDAdBgNVHQ4E
FgQUkpRXtIfUe+4i2AJaUrbBVhR0kVgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcw
OwYLKwYBBAGyMQECAgcwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3dy5wb3NpdGl2
ZXNzbC5jb20vQ1BTMAgGBmeBDAECATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v
Y3JsLmNvbW9kb2NhLmNvbS9Qb3NpdGl2ZVNTTENBMi5jcmwwbAYIKwYBBQUHAQEE
YDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9Qb3NpdGl2
ZVNTTENBMi5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv
bTAnBgNVHREEIDAegg93d3cuYW5kdW5peC5uZXSCC2FuZHVuaXgubmV0MA0GCSqG
SIb3DQEBBQUAA4IBAQDGbm9yfDQSYgq8reAv//2wV5JvGdeNsrKfb4PLDzWQhaEx
YHBMBnrO9BPZkt+GACDASmeFc6QSJMB7dfYwmp6Be6KoJDQ6bPjA1kZNzQyUejEo
FeFuU4X+dAKy/bjvQkKzeXdhc3luFQ0IuqRYITIKYP2q/rPhl72qmBl5IQSOT6iC
9aBgdPMZRVwOawy9OADrIrqEYfyoEykTk6gi/Z3bq0G3s4FjlZf5vOJ5TGl3sz/x
xJCu3pzT1bWPbn+nS04SwyKAsuKK89YwiwY+XwPB4eII3H7XXllQWvwsyRCM+YVM
TJuq31OGofW/TongbIlFUbaEpSts2OfQnjE1kxdA
-----END CERTIFICATE-----
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIQB28SRoFFnCjVSNaXxA4AGzANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTEyMDIxNjAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV
BAMTEFBvc2l0aXZlU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDo6jnjIqaqucQA0OeqZztDB71Pkuu8vgGjQK3g70QotdA6voBUF4V6a4Rs
NjbloyTi/igBkLzX3Q+5K05IdwVpr95XMLHo+xoD9jxbUx6hAUlocnPWMytDqTcy
Ug+uJ1YxMGCtyb1zLDnukNh1sCUhYHsqfwL9goUfdE+SNHNcHQCgsMDqmOK+ARRY
FygiinddUCXNmmym5QzlqyjDsiCJ8AckHpXCLsDl6ez2PRIHSD3SwyNWQezT3zVL
yOf2hgVSEEOajBd8i6q8eODwRTusgFX+KJPhChFo9FJXb/5IC1tdGmpnc5mCtJ5D
YD7HWyoSbhruyzmuwzWdqLxdsC/DAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBSt
vZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUmeRAX2sUXj4F2d3TY1T8Yrj3
AKwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAow
CDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYw
gaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVz
dEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2Vy
dHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRw
Oi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCcNuNOrvGK
u2yXjI9LZ9Cf2ISqnyFfNaFbxCtjDei8d12nxDf9Sy2e6B1pocCEzNFti/OBy59L
dLBJKjHoN0DrH9mXoxoR1Sanbg+61b4s/bSRZNy+OxlQDXqV8wQTqbtHD4tc0azC
e3chUN1bq+70ptjUSlNrTa24yOfmUlhNQ0zCoiNPDsAgOa/fT0JbHtMJ9BgJWSrZ
6EoYvzL7+i1ki4fKWyvouAt+vhcSxwOCKa9Yr4WEXT0K3yNRw82vEL+AaXeRCk/l
uuGtm87fM04wO+mPZn+C+mv626PAcwDj1hKvTfIPWhRRH224hoFiB85ccsJP81cq
cdnUl4XmGFO3
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.net
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
---
No client certificate CA names sent
---
SSL handshake has read 3229 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 9B356D595A9E2F7330136DB12E1CE20CCFAC3490563E358B9A5C833B46552A67
    Session-ID-ctx: 
    Master-Key: C9BFCE43302AD337656D867BC6D253BFD034B59E942F7A53012E4CEC5EE3615C34B75571C934E58D96C10DEC47A071B3
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - a0 74 cd da 9f 5c f5 b1-ca ea 52 c0 55 5c a0 6c   .t...\....R.U\.l
    0010 - 48 02 bc aa bf 50 52 7b-ab 40 9b 02 d1 da 54 44   H....PR{.@....TD
    0020 - 3d 5c aa 8d ff 00 41 ce-32 84 ee ca 51 15 c7 38   =\....A.2...Q..8
    0030 - 72 b8 84 14 b9 be 9e 08-54 30 30 ff 3a ec b6 fa   r.......T00.:...
    0040 - 23 45 d5 5b 05 14 45 8c-ab 96 bd d9 ab 84 80 65   #E.[..E........e
    0050 - b5 91 cc 25 ca 7a c9 89-64 7e 87 5e 47 e6 42 b8   ...%.z..d~.^G.B.
    0060 - f8 33 9f d0 da b7 92 bf-62 ff 3b 40 a7 e4 fe 61   .3......b.;@...a
    0070 - 7f 72 7c 82 19 32 d0 95-aa d0 60 1d 40 ac e2 55   .r|..2....`.@..U
    0080 - f4 66 a5 01 8b 66 09 ee-9c 10 6f be 7f cd 37 c2   .f...f....o...7.
    0090 - 41 c7 fa 7b f9 55 ea e3-4c 8d 33 58 1e 30 90 bc   A..{.U..L.3X.0..
    00a0 - 9b 60 8a be 7b 86 e3 13-ee de 77 fb c3 9e 7a 3c   .`..{.....w...z<
    00b0 - d9 cb 46 94 a3 92 76 8a-b8 b4 de 18 c6 d0 8b 82   ..F...v.........

    Start Time: 1398672406
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
^C
, , ,
info/cryptography/openssl/debug_server_certificate_from_client.txt · Last modified: 2014-04-28 08:07 by andunix

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
CC Attribution 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki