info:cryptography:openssl:debug_server_certificate_from_client
Please note that this is an old archived version of this site. Check out the new version at andunix.net!

Differences

This shows you the differences between two versions of the page.

info:cryptography:openssl:debug_server_certificate_from_client [2013-02-18 14:03]
andunix created
info:cryptography:openssl:debug_server_certificate_from_client [2014-04-28 08:07] (current)
andunix
Line 3: Line 3:
 Credit for this example goes to "[[http://langui.sh/2009/03/14/checking-a-remote-certificate-chain-with-openssl/| Checking A Remote Certificate Chain With OpenSSL]]" from [[http://langui.sh/|langui.sh]]. Credit for this example goes to "[[http://langui.sh/2009/03/14/checking-a-remote-certificate-chain-with-openssl/| Checking A Remote Certificate Chain With OpenSSL]]" from [[http://langui.sh/|langui.sh]].
  
-  openssl s_client -showcerts -connect www.andunix.org:443+  openssl s_client -showcerts -connect www.andunix.net:443 
 + 
 +Informations about the used arguments from the OpenSSL man page:
  
   * ''[[http://www.openssl.org/docs/apps/s_client.html|s_client]]'': SSL/TLS client program   * ''[[http://www.openssl.org/docs/apps/s_client.html|s_client]]'': SSL/TLS client program
   * ''[[http://www.openssl.org/docs/apps/s_client.html#item__showcerts|-showcerts]]'': display the whole server certificate chain: normally only the server certificate itself is displayed.   * ''[[http://www.openssl.org/docs/apps/s_client.html#item__showcerts|-showcerts]]'': display the whole server certificate chain: normally only the server certificate itself is displayed.
-  * ''[[http://www.openssl.org/docs/apps/s_client.html#item__connect|-connect www.andunix.org:443]]'': This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433.+  * ''[[http://www.openssl.org/docs/apps/s_client.html#item__connect|-connect www.andunix.net:443]]'': This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 443. 
 + 
 +===== Example Output ===== 
 + 
 +<file> 
 +$ openssl s_client -showcerts -connect www.andunix.net:443 
 +CONNECTED(00000003) 
 +depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2 
 +verify error:num=20:unable to get local issuer certificate 
 +verify return:0 
 +--- 
 +Certificate chain 
 + 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.net 
 +   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2 
 +-----BEGIN CERTIFICATE----- 
 +MIIE+jCCA+KgAwIBAgIRAMcY2QMjFj4GndFjFpXVm+0wDQYJKoZIhvcNAQEFBQAw 
 +czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 
 +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV 
 +BAMTEFBvc2l0aXZlU1NMIENBIDIwHhcNMTMxMDA4MDAwMDAwWhcNMTQxMDA4MjM1 
 +OTU5WjBTMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNV 
 +BAsTC1Bvc2l0aXZlU1NMMRgwFgYDVQQDEw93d3cuYW5kdW5peC5uZXQwggEiMA0G 
 +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtJusPIYfOy5Y9W/izrGQn3N2hq2NV 
 +UBSbLfoz779vWYIg7eBaEC7YUlS9kGUxEnTlOm5J5pBNbeuajJxjKmBH47at3G2j 
 +5Sd2+CHfqAvhbSFMkX0T5OiFiXmqyXLQMxXw6lqYm7ceo4ozr/5SLGishZeOU8Gw 
 +O23231khOMPtR3SUlvk0524VmVV94wr4wJWFQ/C33WGv688cAoZsxtJp5MCs0/av 
 +1kpiYUwiBrIaKfD38j4X2xU2HZ3ITi7dxO6PDGekkhGakPTWH0VBrzHcbOBEEy3Z 
 +louCqoUs8ji6HX3O9QV56xZwLKnL0CEDZ7vZp8joMP1d5Qza5XMD2koDAgMBAAGj 
 +ggGnMIIBozAfBgNVHSMEGDAWgBSZ5EBfaxRePgXZ3dNjVPxiuPcArDAdBgNVHQ4E 
 +FgQUkpRXtIfUe+4i2AJaUrbBVhR0kVgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB 
 +/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcw 
 +OwYLKwYBBAGyMQECAgcwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3dy5wb3NpdGl2 
 +ZXNzbC5jb20vQ1BTMAgGBmeBDAECATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v 
 +Y3JsLmNvbW9kb2NhLmNvbS9Qb3NpdGl2ZVNTTENBMi5jcmwwbAYIKwYBBQUHAQEE 
 +YDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9Qb3NpdGl2 
 +ZVNTTENBMi5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv 
 +bTAnBgNVHREEIDAegg93d3cuYW5kdW5peC5uZXSCC2FuZHVuaXgubmV0MA0GCSqG 
 +SIb3DQEBBQUAA4IBAQDGbm9yfDQSYgq8reAv//2wV5JvGdeNsrKfb4PLDzWQhaEx 
 +YHBMBnrO9BPZkt+GACDASmeFc6QSJMB7dfYwmp6Be6KoJDQ6bPjA1kZNzQyUejEo 
 +FeFuU4X+dAKy/bjvQkKzeXdhc3luFQ0IuqRYITIKYP2q/rPhl72qmBl5IQSOT6iC 
 +9aBgdPMZRVwOawy9OADrIrqEYfyoEykTk6gi/Z3bq0G3s4FjlZf5vOJ5TGl3sz/
 +xJCu3pzT1bWPbn+nS04SwyKAsuKK89YwiwY+XwPB4eII3H7XXllQWvwsyRCM+YVM 
 +TJuq31OGofW/TongbIlFUbaEpSts2OfQnjE1kxdA 
 +-----END CERTIFICATE----- 
 + 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2 
 +   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 
 +-----BEGIN CERTIFICATE----- 
 +MIIE5TCCA82gAwIBAgIQB28SRoFFnCjVSNaXxA4AGzANBgkqhkiG9w0BAQUFADBv 
 +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk 
 +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF 
 +eHRlcm5hbCBDQSBSb290MB4XDTEyMDIxNjAwMDAwMFoXDTIwMDUzMDEwNDgzOFow 
 +czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 
 +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV 
 +BAMTEFBvc2l0aXZlU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 
 +AoIBAQDo6jnjIqaqucQA0OeqZztDB71Pkuu8vgGjQK3g70QotdA6voBUF4V6a4Rs 
 +NjbloyTi/igBkLzX3Q+5K05IdwVpr95XMLHo+xoD9jxbUx6hAUlocnPWMytDqTcy 
 +Ug+uJ1YxMGCtyb1zLDnukNh1sCUhYHsqfwL9goUfdE+SNHNcHQCgsMDqmOK+ARRY 
 +FygiinddUCXNmmym5QzlqyjDsiCJ8AckHpXCLsDl6ez2PRIHSD3SwyNWQezT3zVL 
 +yOf2hgVSEEOajBd8i6q8eODwRTusgFX+KJPhChFo9FJXb/5IC1tdGmpnc5mCtJ5D 
 +YD7HWyoSbhruyzmuwzWdqLxdsC/DAgMBAAGjggF3MIIBczAfBgNVHSMEGDAWgBSt 
 +vZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUmeRAX2sUXj4F2d3TY1T8Yrj3 
 +AKwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAow 
 +CDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0 
 +LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYw 
 +gaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVz 
 +dEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2Vy 
 +dHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRw 
 +Oi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCcNuNOrvGK 
 +u2yXjI9LZ9Cf2ISqnyFfNaFbxCtjDei8d12nxDf9Sy2e6B1pocCEzNFti/OBy59L 
 +dLBJKjHoN0DrH9mXoxoR1Sanbg+61b4s/bSRZNy+OxlQDXqV8wQTqbtHD4tc0azC 
 +e3chUN1bq+70ptjUSlNrTa24yOfmUlhNQ0zCoiNPDsAgOa/fT0JbHtMJ9BgJWSrZ 
 +6EoYvzL7+i1ki4fKWyvouAt+vhcSxwOCKa9Yr4WEXT0K3yNRw82vEL+AaXeRCk/
 +uuGtm87fM04wO+mPZn+C+mv626PAcwDj1hKvTfIPWhRRH224hoFiB85ccsJP81cq 
 +cdnUl4XmGFO3 
 +-----END CERTIFICATE----- 
 +--- 
 +Server certificate 
 +subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.net 
 +issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2 
 +--- 
 +No client certificate CA names sent 
 +--- 
 +SSL handshake has read 3229 bytes and written 443 bytes 
 +--- 
 +New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 
 +Server public key is 2048 bit 
 +Secure Renegotiation IS supported 
 +Compression: NONE 
 +Expansion: NONE 
 +SSL-Session: 
 +    Protocol  : TLSv1.2 
 +    Cipher    : ECDHE-RSA-AES256-GCM-SHA384 
 +    Session-ID: 9B356D595A9E2F7330136DB12E1CE20CCFAC3490563E358B9A5C833B46552A67 
 +    Session-ID-ctx:  
 +    Master-Key: C9BFCE43302AD337656D867BC6D253BFD034B59E942F7A53012E4CEC5EE3615C34B75571C934E58D96C10DEC47A071B3 
 +    Key-Arg   : None 
 +    PSK identity: None 
 +    PSK identity hint: None 
 +    SRP username: None 
 +    TLS session ticket lifetime hint: 300 (seconds) 
 +    TLS session ticket: 
 +    0000 - a0 74 cd da 9f 5c f5 b1-ca ea 52 c0 55 5c a0 6c   .t...\....R.U\.l 
 +    0010 - 48 02 bc aa bf 50 52 7b-ab 40 9b 02 d1 da 54 44   H....PR{.@....TD 
 +    0020 - 3d 5c aa 8d ff 00 41 ce-32 84 ee ca 51 15 c7 38   =\....A.2...Q..8 
 +    0030 - 72 b8 84 14 b9 be 9e 08-54 30 30 ff 3a ec b6 fa   r.......T00.:... 
 +    0040 - 23 45 d5 5b 05 14 45 8c-ab 96 bd d9 ab 84 80 65   #E.[..E........e 
 +    0050 - b5 91 cc 25 ca 7a c9 89-64 7e 87 5e 47 e6 42 b8   ...%.z..d~.^G.B. 
 +    0060 - f8 33 9f d0 da b7 92 bf-62 ff 3b 40 a7 e4 fe 61   .3......b.;@...a 
 +    0070 - 7f 72 7c 82 19 32 d0 95-aa d0 60 1d 40 ac e2 55   .r|..2....`.@..U 
 +    0080 - f4 66 a5 01 8b 66 09 ee-9c 10 6f be 7f cd 37 c2   .f...f....o...7. 
 +    0090 - 41 c7 fa 7b f9 55 ea e3-4c 8d 33 58 1e 30 90 bc   A..{.U..L.3X.0.. 
 +    00a0 - 9b 60 8a be 7b 86 e3 13-ee de 77 fb c3 9e 7a 3c   .`..{.....w...z< 
 +    00b0 - d9 cb 46 94 a3 92 76 8a-b8 b4 de 18 c6 d0 8b 82   ..F...v......... 
 + 
 +    Start Time: 1398672406 
 +    Timeout   : 300 (sec) 
 +    Verify return code: 20 (unable to get local issuer certificate) 
 +--- 
 +^C 
 +</file>
  
-{{tag>cryptography howto guide openssl security}}+{{tag>cryptography howto openssl security}}
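Review bot: The changed `-connect` list item now reads "connect to the local host on port 443", but the added line above the list attributes these descriptions to the OpenSSL man page, and the s_client man page gives 4433 as the default, as the previous revision had it; keep 4433 in the quoted description and change only the hostname. In the added Example Output, the `Master-Key` and `TLS session ticket` values are pasted verbatim; replace them with a placeholder such as `[redacted]`, since they are per-session secrets and add nothing to the certificate-chain explanation. The output also ends in `Verify return code: 20 (unable to get local issuer certificate)` with no comment; one sentence saying that this reflects the client not being pointed at a trust store (`-CAfile` or `-CApath`) would keep readers from reading it as a fault in the server's chain. Minor: "Informations about the used arguments" should read "Information about the arguments used".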
info/cryptography/openssl/debug_server_certificate_from_client.1361196190.txt.gz · Last modified: 2013-02-18 14:03 by andunix