andunix.net

User Tools

Site Tools

You are here: andunix.net » Infos » Cryptography » OpenSSL » Debug Server Certificate from Client
Trace:
info:cryptography:openssl:debug_server_certificate_from_client
Please note, that this is an old archived version of this site. Check out the new version at andunix.net!

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
info:cryptography:openssl:debug_server_certificate_from_client [2013-02-18 14:28]
andunix 		info:cryptography:openssl:debug_server_certificate_from_client [2014-04-28 08:07] (current)
andunix
Line 3: Line 3:
 Credit for this example goes to "[[http://langui.sh/2009/03/14/checking-a-remote-certificate-chain-with-openssl/| Checking A Remote Certificate Chain With OpenSSL]]" from [[http://langui.sh/|langui.sh]]. Credit for this example goes to "[[http://langui.sh/2009/03/14/checking-a-remote-certificate-chain-with-openssl/| Checking A Remote Certificate Chain With OpenSSL]]" from [[http://langui.sh/|langui.sh]].
  
-  openssl s_client -showcerts -connect www.andunix.org:443+  openssl s_client -showcerts -connect www.andunix.net:443
  
 Informations about the used arguments from the OpenSSL man page: Informations about the used arguments from the OpenSSL man page:
Line 9: Line 9:
   * ''[[http://www.openssl.org/docs/apps/s_client.html|s_client]]'': SSL/TLS client program   * ''[[http://www.openssl.org/docs/apps/s_client.html|s_client]]'': SSL/TLS client program
   * ''[[http://www.openssl.org/docs/apps/s_client.html#item__showcerts|-showcerts]]'': display the whole server certificate chain: normally only the server certificate itself is displayed.   * ''[[http://www.openssl.org/docs/apps/s_client.html#item__showcerts|-showcerts]]'': display the whole server certificate chain: normally only the server certificate itself is displayed.
-  * ''[[http://www.openssl.org/docs/apps/s_client.html#item__connect|-connect www.andunix.org:443]]'': This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433.+  * ''[[http://www.openssl.org/docs/apps/s_client.html#item__connect|-connect www.andunix.net:443]]'': This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 443.
  
 ===== Example Output ===== ===== Example Output =====
  
 <file> <file>
-$ openssl s_client -showcerts -connect www.andunix.org:443+$ openssl s_client -showcerts -connect www.andunix.net:443
 CONNECTED(00000003) CONNECTED(00000003)
 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2
Line 21: Line 21:
 --- ---
 Certificate chain Certificate chain
- 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org+ 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.net
    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
 -----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
-MIIE8DCCA9igAwIBAgIRAPBMbvSICG85nIWOa0SqUaAwDQYJKoZIhvcNAQEFBQAw+MIIE+jCCA+KgAwIBAgIRAMcY2QMjFj4GndFjFpXVm+0wDQYJKoZIhvcNAQEFBQAw
 czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
 A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV
-BAMTEFBvc2l0aXZlU1NMIENBIDIwHhcNMTIwNDEyMDAwMDAwWhcNMTMwNDEyMjM1+BAMTEFBvc2l0aXZlU1NMIENBIDIwHhcNMTMxMDA4MDAwMDAwWhcNMTQxMDA4MjM1
 OTU5WjBTMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNV OTU5WjBTMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNV
-BAsTC1Bvc2l0aXZlU1NMMRgwFgYDVQQDEw93d3cuYW5kdW5peC5vcmcwggEiMA0G +BAsTC1Bvc2l0aXZlU1NMMRgwFgYDVQQDEw93d3cuYW5kdW5peC5uZXQwggEiMA0G 
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbENEM3SA15NEYlV1O3FObqPmApGWz +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtJusPIYfOy5Y9W/izrGQn3N2hq2NV 
-LTdxC4fclAv6MvS0aoyQHIgDu48V3N1MHEf9NtH+42WGjAk+2LfpVrjZP39T4jU8 +UBSbLfoz779vWYIg7eBaEC7YUlS9kGUxEnTlOm5J5pBNbeuajJxjKmBH47at3G2j 
-EBZFoQ3BW029QanzyuIeEu5dsfYZjrQOR5SGitLNltX22htxLllC7sXmBnyo/qy5 +5Sd2+CHfqAvhbSFMkX0T5OiFiXmqyXLQMxXw6lqYm7ceo4ozr/5SLGishZeOU8Gw 
-e21pssNphJTgY6y+cEjLK9dY2EVWR7YqRsrNPVHW1jdFtmo64EiDgy6QJf1dHWAq +O23231khOMPtR3SUlvk0524VmVV94wr4wJWFQ/C33WGv688cAoZsxtJp5MCs0/av 
-pgCx7DkOUlQYY2Tlqs350uTOSA3F2xl06rxa/ZJf31YmtlzslWeLjE9Wqz86WJqq +1kpiYUwiBrIaKfD38j4X2xU2HZ3ITi7dxO6PDGekkhGakPTWH0VBrzHcbOBEEy3Z 
-JCfLgEYQkKd9E1eE7rF+fzrGLw4mHPI/FXneV+LSeBNdmIWnMniz6MBPAgMBAAGj +louCqoUs8ji6HX3O9QV56xZwLKnL0CEDZ7vZp8joMP1d5Qza5XMD2koDAgMBAAGj 
-ggGdMIIBmTAfBgNVHSMEGDAWgBSZ5EBfaxRePgXZ3dNjVPxiuPcArDAdBgNVHQ4E +ggGnMIIBozAfBgNVHSMEGDAWgBSZ5EBfaxRePgXZ3dNjVPxiuPcArDAdBgNVHQ4E 
-FgQUqxmo78/xO8WVRVV77QGTS5DpRs0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB +FgQUkpRXtIfUe+4i2AJaUrbBVhR0kVgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB 
-/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0w+/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFAGA1UdIARJMEcw
 OwYLKwYBBAGyMQECAgcwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3dy5wb3NpdGl2 OwYLKwYBBAGyMQECAgcwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3dy5wb3NpdGl2
-ZXNzbC5jb20vQ1BTMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuY29tb2Rv +ZXNzbC5jb20vQ1BTMAgGBmeBDAECATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v 
-Y2EuY29tL1Bvc2l0aXZlU1NMQ0EyLmNybDBsBggrBgEFBQcBAQRgMF4wNgYIKwYB +Y3JsLmNvbW9kb2NhLmNvbS9Qb3NpdGl2ZVNTTENBMi5jcmwwbAYIKwYBBQUHAQEE 
-BQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL1Bvc2l0aXZlU1NMQ0EyLmNy +YDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9Qb3NpdGl2 
-dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCcGA1UdEQQg +ZVNTTENBMi5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv 
-MB6CD3d3dy5hbmR1bml4Lm9yZ4ILYW5kdW5peC5vcmcwDQYJKoZIhvcNAQEFBQAD +bTAnBgNVHREEIDAegg93d3cuYW5kdW5peC5uZXSCC2FuZHVuaXgubmV0MA0GCSqG 
-ggEBADYDC8t6otr/UG0wOEnDHl1d6msZYWPPdvCDSvG66jfNAoUvRWYELRwiG1Ri +SIb3DQEBBQUAA4IBAQDGbm9yfDQSYgq8reAv//2wV5JvGdeNsrKfb4PLDzWQhaEx 
-zPMOcvlYvA98/euRKC2eTwOIlVdVYagfnZliSamB2spEpDGAmF/I6dxjY1Bde6/U +YHBMBnrO9BPZkt+GACDASmeFc6QSJMB7dfYwmp6Be6KoJDQ6bPjA1kZNzQyUejEo 
-3foYFzhuL+bcK+9bkLEZ+ESwhIjufKVk3jE6W5DphSNgrz8ry2DhPX5S/9jcIGLw +FeFuU4X+dAKy/bjvQkKzeXdhc3luFQ0IuqRYITIKYP2q/rPhl72qmBl5IQSOT6iC 
-ES5diR047vTrGOpM3L7ucu/tpCHt0GInbOZL8F3sNpFl4WNWEaz+cbn8Ovl1QO7l +9aBgdPMZRVwOawy9OADrIrqEYfyoEykTk6gi/Z3bq0G3s4FjlZf5vOJ5TGl3sz/x 
-qsbjP9TMdzCxxHfjegYSzN+yCcYc32p34FebI3itg02mMo8kbOJPrVDMvSEG987Y +xJCu3pzT1bWPbn+nS04SwyKAsuKK89YwiwY+XwPB4eII3H7XXllQWvwsyRCM+YVM 
-rywmHqh0/OojR6piV4THiLh5Dkk=+TJuq31OGofW/TongbIlFUbaEpSts2OfQnjE1kxdA
 -----END CERTIFICATE----- -----END CERTIFICATE-----
  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
Line 85: Line 85:
 --- ---
 Server certificate Server certificate
-subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.org+subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.andunix.net
 issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2 issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
 --- ---
 No client certificate CA names sent No client certificate CA names sent
 --- ---
-SSL handshake has read 3406 bytes and written 424 bytes+SSL handshake has read 3229 bytes and written 443 bytes
 --- ---
-New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA+New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
 Server public key is 2048 bit Server public key is 2048 bit
 Secure Renegotiation IS supported Secure Renegotiation IS supported
Line 98: Line 98:
 Expansion: NONE Expansion: NONE
 SSL-Session: SSL-Session:
-    Protocol  : TLSv1 +    Protocol  : TLSv1.2 
-    Cipher    : DHE-RSA-AES256-SHA +    Cipher    : ECDHE-RSA-AES256-GCM-SHA384 
-    Session-ID: ECA71114A5C89F2F592E5090BEE66086FC3E728BC3EB9778E139F76ECF6760F3+    Session-ID: 9B356D595A9E2F7330136DB12E1CE20CCFAC3490563E358B9A5C833B46552A67
     Session-ID-ctx:      Session-ID-ctx: 
-    Master-Key: 627C22D26C87648687449536C4888198E6383072C03DE3EB19DDC593D4F297AD1FE1118C1C7230C17C7C4C340CBCA803+    Master-Key: C9BFCE43302AD337656D867BC6D253BFD034B59E942F7A53012E4CEC5EE3615C34B75571C934E58D96C10DEC47A071B3
     Key-Arg   : None     Key-Arg   : None
     PSK identity: None     PSK identity: None
     PSK identity hint: None     PSK identity hint: None
     SRP username: None     SRP username: None
 +    TLS session ticket lifetime hint: 300 (seconds)
     TLS session ticket:     TLS session ticket:
-    0000 - 69 f0 2c c3 30 7a 5e a6-0a 06 24 4f 8f 1d e2 46   i.,.0z^...$O...F +    0000 - a0 74 cd da 9f 5c f5 b1-ca ea 52 c0 55 5c a0 6c   .t...\....R.U\.l 
-    0010 - 7c 6d e6 d6 36 03 73 63-80 26 03 3b d9 77 c3 94   |m..6.sc.&.;.w.. +    0010 - 48 02 bc aa bf 50 52 7b-ab 40 9b 02 d1 da 54 44   H....PR{.@....TD 
-    0020 - bb 5f df 12 a4 3e e5 f9-f1 10 54 20 84 53 36 bb   ._...>.....S6+    0020 - 3d 5c aa 8d ff 00 41 ce-32 84 ee ca 51 15 c7 38   =\....A.2...Q..8 
-    0030 - 95 2a 9d 26 01 d8 1f dc-98 e0 9b 8a 9f a3 69 57   .*.&..........iW +    0030 - 72 b8 84 14 b9 be 9e 08-54 30 30 ff 3a ec b6 fa   r.......T00.:... 
-    0040 - 22 35 0d f0 a0 66 d8 69-44 7c f8 ce fa 30 52 06   "5...f.iD|...0R+    0040 - 23 45 d5 5b 05 14 45 8c-ab 96 bd d9 ab 84 80 65   #E.[..E........e 
-    0050 - 23 2b b9 97 a8 15 f4 3e-b9 e0 ea 50 20 11 4a 09   #+.....>...P .J+    0050 - b5 91 cc 25 ca 7a c9 89-64 7e 87 5e 47 e6 42 b8   ...%.z..d~.^G.B
-    0060 - b9 4b c6 b8 fd 0f d5 5c-63 ad 29 be 60 78 08 f7   .K.....\c.).`x.. +    0060 - f8 33 9f d0 da b7 92 bf-62 ff 3b 40 a7 e4 fe 61   .3......b.;@...a 
-    0070 - 43 b6 4d c0 0e ce d4 3d-ca 2d 8c 9c d3 56 04 26   C.M....=.-...V.& +    0070 - 7f 72 7c 82 19 32 d0 95-aa d0 60 1d 40 ac e2 55   .r|..2....`.@..U 
-    0080 - 61 cf 53 b5 0e d9 2c 75-6a 59 bb fd 7e ef b3 c3   a.S...,ujY..~... +    0080 - f4 66 a5 01 8b 66 09 ee-9c 10 6f be 7f cd 37 c2   .f...f....o...7
-    0090 - ed 4f ff 97 08 92 9f 1c-35 9f 14 d0 b6 ec 02 97   .O......5....... +    0090 - 41 c7 fa 7b f9 55 ea e3-4c 8d 33 58 1e 30 90 bc   A..{.U..L.3X.0.. 
-    00a0 - 4f 2f 6d 96 4c 63 97 e0-39 bb a3 23 4f ce 04 bf   O/m.Lc..9..#O... +    00a0 - 9b 60 8a be 7b 86 e3 13-ee de 77 fb c3 9e 7a 3c   .`..{.....w...z< 
-    00b0 - cc a2 b3 5e 7f 9c d3 24-db de 32 0d 55 5a 00 07   ...^...$..2.UZ..+    00b0 - d9 cb 46 94 a3 92 76 8a-b8 b4 de 18 c6 d0 8b 82   ..F...v.........
  
-    Start Time: 1361195274+    Start Time: 1398672406
     Timeout   : 300 (sec)     Timeout   : 300 (sec)
     Verify return code: 20 (unable to get local issuer certificate)     Verify return code: 20 (unable to get local issuer certificate)
info/cryptography/openssl/debug_server_certificate_from_client.1361197733.txt.gz · Last modified: 2013-02-18 14:28 by andunix

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
CC Attribution 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki