Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2463)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6622)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5335)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "s_client -connect" - Show Server Certificate Chain
How to show all certificates in the server certificate chain using the OpenSSL "s_client -connect" command? I know the server uses multiple intermediate CA certificates.
✍: FYIcenter.com
You can get all certificates in the server certificate chain if use "s_client -connect" with the "-showcerts" option as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe s_client \ -connect www.twitter.com:443 -showcerts > twitter_chain.pem C:\Users\fyicenter>type twitter_chain.pem CONNECTED(00000160) --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... -----BEGIN CERTIFICATE----- MIIGfDCCBWSgAwIBAgIQHiLHN6ORXj+rZcS1pByuRjANBgkqhkiG9w0BAQUFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug ... -----END CERTIFICATE----- 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSig... -----BEGIN CERTIFICATE----- MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp ... -----END CERTIFICATE----- --- Server certificate subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.... issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use a... --- No client certificate CA names sent --- SSL handshake has read 3329 bytes and written 438 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 91750A293C83127D339C31FF8A5089E4B379BD357E45C5FC489EA1421... Session-ID-ctx: Master-Key: 4419CFF3988C6417198A9CCB0F3B85959407C288F792F25D53A6677CC... Key-Arg : None Start Time: 1342620119 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
What you are getting from the output:
2012-07-24, 16292🔥, 0💬
Popular Posts:
Certificate summary - Owner: www.1and1.com, Akamai SAN SSL OV, 1&1 Internet AG, L=Montabaur, ST=...
Where to find general information about certificates on Windows? I want to get basic understanding o...
How to import a key pair with Portecle? To import a key pair into a keystore from a PKCS #12 keystor...
Certificate summary - Owner: *.mail.ru, IT, LLC Mail.Ru, L=Moscow, ST=Moscow, RU Issuer: Thawte SSL ...
How to generate a pair of RSA Private Key and Public Key? To help you to generate a pair of RSA Priv...