Categories:
Android (13)
Apple Mac (29)
DH Keys (39)
DSA Keys (69)
EC Keys (563)
Firefox (31)
General (12)
Google Chrome (25)
Intermediate CA (152)
Java VM (33)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (22)
OpenSSL (237)
Other (7)
Portecle (38)
Publishers (2687)
Revoked Certificates (30)
Root CA (89)
RSA Keys (2222)
Tools (46)
Tutorial (3)
What Is (22)
Windows (129)
Collections:
Other Resources:
OpenSSL "s_client -connect" - Show Server Certificate Chain
How to show all certificates in the server certificate chain using the OpenSSL "s_client -connect" command? I know the server uses multiple intermediate CA certificates.
✍: FYIcenter.com
You can get all certificates in the server certificate chain
if use "s_client -connect" with the "-showcerts" option
as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe s_client \ -connect www.twitter.com:443 -showcerts > twitter_chain.pem C:\Users\fyicenter>type twitter_chain.pem CONNECTED(00000160) --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... -----BEGIN CERTIFICATE----- MIIGfDCCBWSgAwIBAgIQHiLHN6ORXj+rZcS1pByuRjANBgkqhkiG9w0BAQUFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug ... -----END CERTIFICATE----- 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSig... -----BEGIN CERTIFICATE----- MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp ... -----END CERTIFICATE----- --- Server certificate subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.... issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use a... --- No client certificate CA names sent --- SSL handshake has read 3329 bytes and written 438 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 91750A293C83127D339C31FF8A5089E4B379BD357E45C5FC489EA1421... Session-ID-ctx: Master-Key: 4419CFF3988C6417198A9CCB0F3B85959407C288F792F25D53A6677CC... Key-Arg : None Start Time: 1342620119 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
What you are getting from the output:
2012-07-24, 14044👍, 0💬
Popular Posts:
Why I am getting the "variable lookup failed for ca::policy" error when running OpenSSL "ca" command...
How does the OpenSSL verify operation work? What are the steps used by OpenSSL to verify a certifica...
What is the DER (Distinguished Encoding Rules) encoding used in the OpenSSL "asn1parse" command? DER...
Hi to all! Please help somebody I have certificate signed by CA(it should root for me), also generat...
Certificate summary - Owner: *.xhamster.com, PositiveSSL Wildcard, Domain Control Validated Issuer: ...