Use the openssl Command to Test Certificate Installations
To see how this inclusion page fits in with similar ones, perhaps see one of
The openssl command has an s_client sub-command which can be a simple client for SSL smtp, imap, pop or ftp.
arpepper@cscfpc20:~$ echo quit | openssl s_client -crlf -connect mail.cs.uwaterloo.ca:465
arpepper@cscfpc20:~$ echo quit | openssl s_client -starttls smtp -crlf -connect mail.cs.uwaterloo.ca:25
arpepper@cscfpc20:~$ echo 0 logout | openssl s_client -starttls imap -crlf -connect mail.cs.uwaterloo.ca:imap
arpepper@cscfpc20:~$ echo 0 logout | openssl s_client -crlf -connect mail.cs.uwaterloo.ca:imaps
arpepper@cscfpc20:~$ echo quit | openssl s_client -starttls pop3 -crlf -connect plg2.cs.uwaterloo.ca:110
arpepper@cscfpc20:~$ echo quit | openssl s_client -crlf -connect plg2.cs.uwaterloo.ca:995
I had to hunt around for a pop3 example, because that is being shut down.
The output from the above is lengthy, and includes the main server certificate. You can use the openssl command to view its details.
Other options can be given to the above. Most useful might be -showcerts which will show the entire certificate chain. Also -CAfile <file> or -CApath <dir>.
arpepper@cscfpc20:~$ echo 0 logout | openssl s_client -showcerts -CApath /etc/ssl/certs -starttls imap -crlf -connect mail.cs.uwaterloo.ca:imap
-starttls http is not supported, since there is no such concept. But since https is a standard SSL protocol port, the following does work to view the certificate used by https:
arpepper@cscfpc20:~$ cat /dev/null | openssl s_client -crlf -connect cs.uwaterloo.ca:443
Since openssl x509 -text does ignore information outside the recognized CERTIFICATE area, the above commands can all be piped directly into it.
arpepper@cscfpc20:~$ echo 0 logout | openssl s_client -starttls imap -crlf -connect mail.cs.uwaterloo.ca:imap | openssl x509 -text
There might be a little untidy stderr output at the beginning, so...
arpepper@cscfpc20:~$ echo 0 logout | 2>/dev/null openssl s_client -starttls imap -crlf -connect mail.cs.uwaterloo.ca:imap | openssl x509 -text
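openssl x509 reads only the first CERTIFICATE block on its input, so piping -showcerts output into it still shows just the server certificate. The following is an added example, not part of the original page, that splits the chain into one file per certificate so each can be inspected; the function names, file naming and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): split the output of
# `openssl s_client -showcerts` into one PEM file per certificate.

# split_chain DIR: read s_client output on stdin, write DIR/cert-N.pem
# (0 = server certificate) and print the number of certificates found.
split_chain() {
    awk -v dir="$1" '
        { sub(/\r$/, "") }                     # tolerate CRLF line ends
        # s_client prints the server certificate again under this heading;
        # stop once the chain section has already supplied the blocks.
        /^Server certificate/ && n > 0 { exit }
        /^-----BEGIN CERTIFICATE-----$/ { out = sprintf("%s/cert-%d.pem", dir, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ && inside { close(out); n++; inside = 0 }
        END { print n + 0 }
    '
}

# describe_chain DIR: summarise each split certificate with openssl x509.
describe_chain() {
    for f in "$1"/cert-*.pem; do
        [ -f "$f" ] || continue
        echo "== $f"
        openssl x509 -in "$f" -noout -subject -issuer -enddate
    done
}

# Constructed sample in the layout s_client uses; the base64 bodies are
# placeholders, not real certificates, so only split_chain is run on it.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = mail.example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItSU5URVJNRURJQVRF
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
subject=CN = mail.example.test
---
EOF
}
```

Against a live server, pipe one of the s_client commands above (with -showcerts added and stderr discarded) into split_chain with a scratch directory as its argument, then run describe_chain on that directory to see the subject, issuer and expiry date of every certificate the server sent.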
--
AdrianPepper - 2013-07-08