Please note, that this is an old archived version of this site. Check out the new version at andunix.net!

Differences

This shows you the differences between two versions of the page.

--- info:cryptography:openssl:debug_server_certificate_from_client [2013-02-18 14:03]
andunix created
+++ info:cryptography:openssl:debug_server_certificate_from_client [2013-02-18 14:28]
andunix
@@ Line 4: / Line 4: @@
   openssl s_client -showcerts -connect www.andunix.org:443
+Informations about the used arguments from the OpenSSL man page:
   * ''[[http://www.openssl.org/docs/apps/s_client.html|s_client]]'': SSL/TLS client program
@@ Line 9: / Line 11: @@
   * ''[[http://www.openssl.org/docs/apps/s_client.html#item__connect|-connect www.andunix.org:443]]'': This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433.
-{{tag>cryptography howto guide openssl security}}
+===== Example Output =====
+<file>
+$ openssl s_client -showcerts -connect www.andunix.org:443
+CONNECTED(00000003)
+depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2
+verify error:num=20:unable to get local issuer certificate
+verify return:0
+---
+Certificate chain
+s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org
+   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
+-----BEGIN CERTIFICATE-----
+MIIE8DCCA9igAwIBAgIRAPBMbvSICG85nIWOa0SqUaAwDQYJKoZIhvcNAQEFBQAw
+czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV
+BAMTEFBvc2l0aXZlU1NMIENBIDIwHhcNMTIwNDEyMDAwMDAwWhcNMTMwNDEyMjM1
+OTU5WjBTMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNV
+BAsTC1Bvc2l0aXZlU1NMMRgwFgYDVQQDEw93d3cuYW5kdW5peC5vcmcwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbENEM3SA15NEYlV1O3FObqPmApGWz
+LTdxC4fclAv6MvS0aoyQHIgDu48V3N1MHEf9NtH+42WGjAk+2LfpVrjZP39T4jU8
+EBZFoQ3BW029QanzyuIeEu5dsfYZjrQOR5SGitLNltX22htxLllC7sXmBnyo/qy5
+e21pssNphJTgY6y+cEjLK9dY2EVWR7YqRsrNPVHW1jdFtmo64EiDgy6QJf1dHWAq
+pgCx7DkOUlQYY2Tlqs350uTOSA3F2xl06rxa/ZJf31YmtlzslWeLjE9Wqz86WJqq
+JCfLgEYQkKd9E1eE7rF+fzrGLw4mHPI/FXneV+LSeBNdmIWnMniz6MBPAgMBAAGj
+ggGdMIIBmTAfBgNVHSMEGDAWgBSZ5EBfaxRePgXZ3dNjVPxiuPcArDAdBgNVHQ4E
+FgQUqxmo78/xO8WVRVV77QGTS5DpRs0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
+/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0w
+OwYLKwYBBAGyMQECAgcwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3dy5wb3NpdGl2
+ZXNzbC5jb20vQ1BTMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL1Bvc2l0aXZlU1NMQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wNgYIKwYB
+BQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL1Bvc2l0aXZlU1NMQ0EyLmNy
+dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCcGA1UdEQQg
+MB6CD3d3dy5hbmR1bml4Lm9yZ4ILYW5kdW5peC5vcmcwDQYJKoZIhvcNAQEFBQAD
+ggEBADYDC8t6otr/UG0wOEnDHl1d6msZYWPPdvCDSvG66jfNAoUvRWYELRwiG1Ri
+zPMOcvlYvA98/euRKC2eTwOIlVdVYagfnZliSamB2spEpDGAmF/I6dxjY1Bde6/U
+foYFzhuL+bcK+9bkLEZ+ESwhIjufKVk3jE6W5DphSNgrz8ry2DhPX5S/9jcIGLw
+ES5diR047vTrGOpM3L7ucu/tpCHt0GInbOZL8F3sNpFl4WNWEaz+cbn8Ovl1QO7l
+qsbjP9TMdzCxxHfjegYSzN+yCcYc32p34FebI3itg02mMo8kbOJPrVDMvSEG987Y
+rywmHqh0/OojR6piV4THiLh5Dkk=
+-----END CERTIFICATE-----
+s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
+   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+-----BEGIN CERTIFICATE-----
+MIIE5TCCA82gAwIBAgIQB28SRoFFnCjVSNaXxA4AGzANBgkqhkiG9w0BAQUFADBv
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
+ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
+eHRlcm5hbCBDQSBSb290MB4XDTEyMDIxNjAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
+czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV
+BAMTEFBvc2l0aXZlU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDo6jnjIqaqucQA0OeqZztDB71Pkuu8vgGjQK3g70QotdA6voBUF4V6a4Rs
+NjbloyTi/igBkLzX3Q+5K05IdwVpr95XMLHo+xoD9jxbUx6hAUlocnPWMytDqTcy
+Ug+uJ1YxMGCtyb1zLDnukNh1sCUhYHsqfwL9goUfdE+SNHNcHQCgsMDqmOK+ARRY
+FygiinddUCXNmmym5QzlqyjDsiCJ8AckHpXCLsDl6ez2PRIHSD3SwyNWQezT3zVL
+yOf2hgVSEEOajBd8i6q8eODwRTusgFX+KJPhChFo9FJXb/5IC1tdGmpnc5mCtJ5D
+YD7HWyoSbhruyzmuwzWdqLxdsC/DAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBSt
+vZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUmeRAX2sUXj4F2d3TY1T8Yrj3
+AKwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAow
+CDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0
+LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYw
+gaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVz
+dEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2Vy
+dHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRw
+Oi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCcNuNOrvGK
+u2yXjI9LZ9Cf2ISqnyFfNaFbxCtjDei8d12nxDf9Sy2e6B1pocCEzNFti/OBy59L
+dLBJKjHoN0DrH9mXoxoR1Sanbg+61b4s/bSRZNy+OxlQDXqV8wQTqbtHD4tc0azC
+e3chUN1bq+70ptjUSlNrTa24yOfmUlhNQ0zCoiNPDsAgOa/fT0JbHtMJ9BgJWSrZ
+EoYvzL7+i1ki4fKWyvouAt+vhcSxwOCKa9Yr4WEXT0K3yNRw82vEL+AaXeRCk/l
+uuGtm87fM04wO+mPZn+C+mv626PAcwDj1hKvTfIPWhRRH224hoFiB85ccsJP81cq
+cdnUl4XmGFO3
+-----END CERTIFICATE-----
+---
+Server certificate
+subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org
+issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
+---
+No client certificate CA names sent
+---
+SSL handshake has read 3406 bytes and written 424 bytes
+---
+New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
+Server public key is 2048 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+SSL-Session:
+    Protocol  : TLSv1
+    Cipher    : DHE-RSA-AES256-SHA
+    Session-ID: ECA71114A5C89F2F592E5090BEE66086FC3E728BC3EB9778E139F76ECF6760F3
+    Session-ID-ctx:
+    Master-Key: 627C22D26C87648687449536C4888198E6383072C03DE3EB19DDC593D4F297AD1FE1118C1C7230C17C7C4C340CBCA803
+    Key-Arg   : None
+    PSK identity: None
+    PSK identity hint: None
+    SRP username: None
+    TLS session ticket:
+- 69 f0 2c c3 30 7a 5e a6-0a 06 24 4f 8f 1d e2 46   i.,.0z^...$O...F
+- 7c 6d e6 d6 36 03 73 63-80 26 03 3b d9 77 c3 94   |m..6.sc.&.;.w..
+- bb 5f df 12 a4 3e e5 f9-f1 10 54 20 84 53 36 bb   ._...>....T .S6.
+- 95 2a 9d 26 01 d8 1f dc-98 e0 9b 8a 9f a3 69 57   .*.&..........iW
+- 22 35 0d f0 a0 66 d8 69-44 7c f8 ce fa 30 52 06   "5...f.iD|...0R.
+- 23 2b b9 97 a8 15 f4 3e-b9 e0 ea 50 20 11 4a 09   #+.....>...P .J.
+- b9 4b c6 b8 fd 0f d5 5c-63 ad 29 be 60 78 08 f7   .K.....\c.).`x..
+- 43 b6 4d c0 0e ce d4 3d-ca 2d 8c 9c d3 56 04 26   C.M....=.-...V.&
+- 61 cf 53 b5 0e d9 2c 75-6a 59 bb fd 7e ef b3 c3   a.S...,ujY..~...
+- ed 4f ff 97 08 92 9f 1c-35 9f 14 d0 b6 ec 02 97   .O......5.......
+a0 - 4f 2f 6d 96 4c 63 97 e0-39 bb a3 23 4f ce 04 bf   O/m.Lc..9..#O...
+b0 - cc a2 b3 5e 7f 9c d3 24-db de 32 0d 55 5a 00 07   ...^...$..2.UZ..
+    Start Time: 1361195274
+    Timeout   : 300 (sec)
+    Verify return code: 20 (unable to get local issuer certificate)
+---
+^C
+</file>
+{{tag>cryptography howto openssl security}}

andunix.net

User Tools

Site Tools

Differences

Page Tools