Collections:
Other Resources:
OpenSSL "s_client -connect" - Show Server Certificate Chain
How to show all certificates in the server certificate chain using the OpenSSL "s_client -connect" command? I know the server uses multiple intermediate CA certificates.
✍: FYIcenter.com
You can get all certificates in the server certificate chain if use "s_client -connect" with the "-showcerts" option as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe s_client \ -connect www.twitter.com:443 -showcerts > twitter_chain.pem C:\Users\fyicenter>type twitter_chain.pem CONNECTED(00000160) --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... -----BEGIN CERTIFICATE----- MIIGfDCCBWSgAwIBAgIQHiLHN6ORXj+rZcS1pByuRjANBgkqhkiG9w0BAQUFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug ... -----END CERTIFICATE----- 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSig... -----BEGIN CERTIFICATE----- MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp ... -----END CERTIFICATE----- --- Server certificate subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.... issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use a... --- No client certificate CA names sent --- SSL handshake has read 3329 bytes and written 438 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 91750A293C83127D339C31FF8A5089E4B379BD357E45C5FC489EA1421... Session-ID-ctx: Master-Key: 4419CFF3988C6417198A9CCB0F3B85959407C288F792F25D53A6677CC... Key-Arg : None Start Time: 1342620119 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
What you are getting from the output:
2012-07-24, 16🔥, 0💬
Popular Posts:
What certificates are included in the OpenJDK 11 default trusted certificate keystore file: "cacerts...
Certificate Summary: Subject: Encryption Everywhere DV TLS CA - G1 Issuer: DigiCert Global Root CA E...
Certificate summary - Owner: www.xuite.net, ??????????, TW Issuer: Public Certification Authority, "...
What is Wormly SSL Web Server Tester? Wormly SSL Web Server Tester is an online tool that checks a s...
Certificate summary - Owner: *.canalblog.com, WEBEDIA, L=Paris, ST=Gers, FR Issuer: DigiCert Secure ...