Collections:
Other Resources:
OpenSSL "s_client -connect" - Show Server Certificate Chain
How to show all certificates in the server certificate chain using the OpenSSL "s_client -connect" command? I know the server uses multiple intermediate CA certificates.
✍: FYIcenter.com
You can get all certificates in the server certificate chain if use "s_client -connect" with the "-showcerts" option as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe s_client \ -connect www.twitter.com:443 -showcerts > twitter_chain.pem C:\Users\fyicenter>type twitter_chain.pem CONNECTED(00000160) --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... -----BEGIN CERTIFICATE----- MIIGfDCCBWSgAwIBAgIQHiLHN6ORXj+rZcS1pByuRjANBgkqhkiG9w0BAQUFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug ... -----END CERTIFICATE----- 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at ... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSig... -----BEGIN CERTIFICATE----- MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp ... -----END CERTIFICATE----- --- Server certificate subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.... issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use a... --- No client certificate CA names sent --- SSL handshake has read 3329 bytes and written 438 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 91750A293C83127D339C31FF8A5089E4B379BD357E45C5FC489EA1421... Session-ID-ctx: Master-Key: 4419CFF3988C6417198A9CCB0F3B85959407C288F792F25D53A6677CC... Key-Arg : None Start Time: 1342620119 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
What you are getting from the output:
2012-07-24, 16319🔥, 0💬
Popular Posts:
How to see more security related information on View Page Info in Mozilla Firefox 47? To see more se...
Certificate Summary: Subject: *.google.com Issuer: Google Internet Authority Expiration: 2013-10-31 ...
Certificate summary - Owner: www.capitalone.com, Digital STS, Capital One Financial Corporation, STR...
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command?...
Certificate Summary: Subject: thawte Primary Root CA Issuer: thawte Primary Root CA Expiration: 2036...