Please note that this is an old archived version of this site. Check out the new version at andunix.net!


Debug Server Certificate from Client

Credit for this example goes to “Checking A Remote Certificate Chain With OpenSSL” from langui.sh.

openssl s_client -showcerts -connect www.andunix.org:443
  • s_client: SSL/TLS client program
  • -showcerts: display the whole server certificate chain; normally only the server certificate itself is displayed.
  • -connect www.andunix.org:443: specifies the host and optional port to connect to. If not specified, an attempt is made to connect to the local host on port 4433.

Example Output

$ openssl s_client -showcerts -connect www.andunix.org:443
CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
---
No client certificate CA names sent
---
SSL handshake has read 3406 bytes and written 424 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ECA71114A5C89F2F592E5090BEE66086FC3E728BC3EB9778E139F76ECF6760F3
    Session-ID-ctx: 
    Master-Key: 627C22D26C87648687449536C4888198E6383072C03DE3EB19DDC593D4F297AD1FE1118C1C7230C17C7C4C340CBCA803
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - 69 f0 2c c3 30 7a 5e a6-0a 06 24 4f 8f 1d e2 46   i.,.0z^...$O...F
    0010 - 7c 6d e6 d6 36 03 73 63-80 26 03 3b d9 77 c3 94   |m..6.sc.&.;.w..
    0020 - bb 5f df 12 a4 3e e5 f9-f1 10 54 20 84 53 36 bb   ._...>....T .S6.
    0030 - 95 2a 9d 26 01 d8 1f dc-98 e0 9b 8a 9f a3 69 57   .*.&..........iW
    0040 - 22 35 0d f0 a0 66 d8 69-44 7c f8 ce fa 30 52 06   "5...f.iD|...0R.
    0050 - 23 2b b9 97 a8 15 f4 3e-b9 e0 ea 50 20 11 4a 09   #+.....>...P .J.
    0060 - b9 4b c6 b8 fd 0f d5 5c-63 ad 29 be 60 78 08 f7   .K.....\c.).`x..
    0070 - 43 b6 4d c0 0e ce d4 3d-ca 2d 8c 9c d3 56 04 26   C.M....=.-...V.&
    0080 - 61 cf 53 b5 0e d9 2c 75-6a 59 bb fd 7e ef b3 c3   a.S...,ujY..~...
    0090 - ed 4f ff 97 08 92 9f 1c-35 9f 14 d0 b6 ec 02 97   .O......5.......
    00a0 - 4f 2f 6d 96 4c 63 97 e0-39 bb a3 23 4f ce 04 bf   O/m.Lc..9..#O...
    00b0 - cc a2 b3 5e 7f 9c d3 24-db de 32 0d 55 5a 00 07   ...^...$..2.UZ..

    Start Time: 1361195274
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
^C
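
To read the output above at a glance, the following added example (not from the original page or from langui.sh) summarises the chain that the server sent and the verify result. The helper names chain_report and sample_output and the pipe-separated report format are assumptions made for illustration; the sample input is abridged from the example output on this page.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client -showcerts` output read on stdin.
# chain_report is a hypothetical helper name, not part of OpenSSL.
chain_report() {
  awk '
    # Chain entries look like " 0 s:<subject>" followed by "   i:<issuer>".
    /^ *[0-9]+ s:/ { n = $1 + 0; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; cnt = n + 1; next }
    /^ +i:/        { sub(/^ +i:/, ""); iss[n] = $0; next }
    /Verify return code:/ { sub(/^.*Verify return code: */, ""); code = $0 }
    END {
      for (k = 0; k < cnt; k++) {
        if (k + 1 < cnt)
          # Each certificate should be issued by the next one in the list.
          link = (iss[k] == subj[k + 1]) ? "issued-by-next" : "BROKEN-LINK"
        else
          # Last certificate sent: either a self-signed root, or its issuer
          # must already be in the trust store of the client.
          link = (iss[k] == subj[k]) ? "self-signed" : "issuer-not-sent"
        printf "%d|%s|%s\n", k, link, subj[k]
      }
      printf "verify|%s\n", code
    }'
}

# Abridged from the example output on this page (certificate bodies omitted).
sample_output() {
  cat <<'EOF'
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

sample_output | chain_report
```

For this output the report shows certificate 0 issued by certificate 1, and certificate 1 marked issuer-not-sent: the server did not send the AddTrust External CA Root, and verify code 20 means the client could not find that issuer locally either. Against a live server, pipe `openssl s_client -showcerts -connect www.andunix.org:443 </dev/null 2>/dev/null` into chain_report.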
info/cryptography/openssl/debug_server_certificate_from_client.1361196275.txt.gz · Last modified: 2013-02-18 14:04 by andunix