Stargate Logo

Question ? Is there a way to easily check a valid ssl connection ?  

 The easyest way would be to go on it with a web-browser.
However - openssl provides a very nice tool for handling exactly this. Check out the options of:
openssl s_client -connect [IP Address]:PORT

$ openssl s_client -connect www.microsoft.com:443
CONNECTED(00000003)
depth=2 /CN=Microsoft Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=washington/L=Redmond/O=Microsoft/OU=mscom/CN=www.microsoft.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=Microsoft Secure Server Authority
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=Microsoft Secure Server Authority
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGJjCCBQ6gAwIBAgIKPuTDHAAEAACvkDANBgkqhkiG9w0BAQUFADCBizETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMSowKAYD
VQQDEyFNaWNyb3NvZnQgU2VjdXJlIFNlcnZlciBBdXRob3JpdHkwHhcNMDgwMjEy
MTgyNTE4WhcNMDkwMjExMTgyNTE4WjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMK
d2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0
MQ4wDAYDVQQLEwVtc2NvbTEaMBgGA1UEAxMRd3d3Lm1pY3Jvc29mdC5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALbG21smSr8rN+qJ5al2ml5BaPlBnyuK
gN6KOS8TGTde496kil72zBF70sgRhQCERNNAiH0XaNWbDSqXcoxySOQhhW4PJ9P3
OfSNQMBbG+8tVFsyk12cZZSQGK7iE6Wy1mAvsbZ0K1iCvg5DceSDRgc7sggKcVi5
ZyS4wRwIlgI1AgMBAAGjggMkMIIDIDALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRrMGkwDgYIKoZIhvcNAwIC
AgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASowCwYJYIZIAWUDBAEtMAsG
CWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcwCgYIKoZIhvcNAwcwHQYD
VR0OBBYEFIfqPJz0gndqvXIFZOP8H0+b2XKBMB8GA1UdIwQYMBaAFJmPpfcegW/6
ecLwFj+yVLEIaEdVMIIBCgYDVR0fBIIBATCB/jCB+6CB+KCB9YZYaHR0cDovL21z
Y3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwU2Vj
dXJlJTIwU2VydmVyJTIwQXV0aG9yaXR5KDQpLmNybIZWaHR0cDovL2NybC5taWNy
b3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFNlY3VyZSUyMFNl
cnZlciUyMEF1dGhvcml0eSg0KS5jcmyGQWh0dHA6Ly9jb3JwcGtpL2NybC9NaWNy
b3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoNCkuY3JsMIG/Bggr
BgEFBQcBAQSBsjCBrzBeBggrBgEFBQcwAoZSaHR0cDovL3d3dy5taWNyb3NvZnQu
Y29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwU2VjdXJlJTIwU2VydmVyJTIwQXV0
aG9yaXR5KDQpLmNydDBNBggrBgEFBQcwAoZBaHR0cDovL2NvcnBwa2kvYWlhL01p
Y3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg0KS5jcnQwPwYJ
KwYBBAGCNxUHBDIwMAYoKwYBBAGCNxUIg8+JTa3yAoWhnwyC+sp9geH7dIFPg8Lt
hQiOqdKFYwIBZAIBBTAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsG
AQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQAztULGfaAxeoGZbbViAVMtaPkMHaoN
wGzhw4ePcWqSvDKnl9yLpbAsl7T+w4bbeJotXCl89Ri+G4Mbfo3wzcDfStM66qcR
zGnEpiESh7cUZhUrxo+Iu+Ptn3pR/ub3uv8/WwF+KK6UUP+uhVMyxPT2LaGWgBSd
9/8qtngpMAbQVKnm4D8uQrcOa4Yqnjk6F2nNFCqd1Fl6yk5vxcfHD0YEcUNnC9SL
yBRmzNKsCh0d6rFaeLDBvkVjPZ7HQkWoJ/JdBBCLRvpE+1CGKVEmj69wK+n5uZ/Z
O46yGLxJwx62Vxdqno2D57R52VRx2c3ec5t5M2HUy6+K5W73BO0+hGKh
-----END CERTIFICATE-----
subject=/C=US/ST=washington/L=Redmond/O=Microsoft/OU=mscom/CN=www.microsoft.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=Microsoft Secure Server Authority
---
No client certificate CA names sent
---
SSL handshake has read 4078 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 860400006196E94CAEE25E39784C3F1BC2906EDEF26C047F91CB4C6FAB7CC313
    Session-ID-ctx:
    Master-Key: FE88DF3710EE1DBE6A69F841178D9612C7FD24F3B693CBED4FAD0B3866E88DE728F90D8228DB2A3A909A80FA5CDE7F54
    Key-Arg   : None
    Start Time: 1206022615
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

After that - you can get the data as wanted, b.e. GET / HTTP/1.0 with 2xENTER.

here are also options like -no_tls1 and -no_ssl2 that let you specify which version of SSL/TLS that you want to connect with. The -showcerts and -debug options are also very nice - especially if some issue exist with the certificate.  

Entered by smurphy on Thursday, 20 March 2008 @ 15:18:12  
Cryptography stuff - Common Linux problems, # Hits: 85651

This page was issued from the Stargate Website:


The URL for this page is:
/mod.php?mod=faq&op=view&faq_id=130


  Close