Collections:
Other Resources:
OpenSSL "s_client -connect" - Show Server Certificate Chain
How to show all certificates in the server certificate chain using the OpenSSL "s_client -connect" command? I know the server uses multiple intermediate CA certificates.
✍: FYIcenter.com
You can get all certificates in the server certificate chain if use "s_client -connect" with the "-showcerts" option as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe s_client \ -connect www.twitter.com:443 -showcerts > twitter_chain.pem C:\Users\fyicenter>type twitter_chain.pem CONNECTED(00000160) --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... -----BEGIN CERTIFICATE----- MIIGfDCCBWSgAwIBAgIQHiLHN6ORXj+rZcS1pByuRjANBgkqhkiG9w0BAQUFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug ... -----END CERTIFICATE----- 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSig... -----BEGIN CERTIFICATE----- MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp ... -----END CERTIFICATE----- --- Server certificate subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.... issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use a... --- No client certificate CA names sent --- SSL handshake has read 3329 bytes and written 438 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 91750A293C83127D339C31FF8A5089E4B379BD357E45C5FC489EA1421... Session-ID-ctx: Master-Key: 4419CFF3988C6417198A9CCB0F3B85959407C288F792F25D53A6677CC... Key-Arg : None Start Time: 1342620119 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
What you are getting from the output:
2012-07-24, 16672🔥, 0💬
Popular Posts:
How to manage certificates in Mozilla Firefox 47 browser? Where is the Certificate Manager in Mozill...
Certificate summary - Owner: www.samsung.com, COMODO SSL Unified Communications, Domain Control Vali...
Certificate summary - Owner: GlobalSign Extended Validation CA - G2, GlobalSign nv-sa, BE Issuer: Gl...
How to import a certificate from a certificate file into a new certificate store with Microsoft "cer...
Certificate summary - Owner: support2.cdnetworks.net, CDNetworks Inc., L=San Jose, ST=California, US...