Using the OpenSSL Command to Test the SSL Certificate

in #wherein, 4 years ago

Usually, in the browser, by clicking the Lock icon, you can view the SSL certificate information.


We can also run the openssl command to view the server certificate (e.g. the SSL chain) on the command line. For example:

$ openssl s_client -connect steemyy.com:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
 1 s:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2505 bytes and written 393 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 00E1D8FEFBAE3B932AAAF53F9F718F1F86C0F054DCE4FCBB5FC15C3F468B9023
    Session-ID-ctx: 
    Resumption PSK: CF2880D9CCB03AEEBE0F15AA402EB1AEDE7ADE0E10E0E810B8EE4B6BAB0D131E3A1443A2BAF753804CE9D1570CA939A6
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:

    Start Time: 1595760096
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 14336
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: C4855EC8C5E523EC6C57147A4862E1379A7F12D90287993393E3B1CBFB47A6A2
    Session-ID-ctx: 
    Resumption PSK: A02A21B1EC2A62EB33CD7517A88038EF26D11E5467EAE1EBBA218F3AE70088D422CD6917148AF26C6EA475735C1A263F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:

    Start Time: 1595760096
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 14336
---
read R BLOCK
closed
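The output above is long, and the fields that matter for a check are the chain, the negotiated protocol and cipher, and the verify return code. The following script is an added example, not part of the original post: it pulls those fields out of saved `s_client` output. The function names and the trimmed sample (cut down from the output above) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Live capture, not run here (stdin from /dev/null ends the session after the handshake):
#   openssl s_client -connect steemyy.com:443 -servername steemyy.com </dev/null > out.txt

# Constructed sample: trimmed from the s_client output shown above.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
 1 s:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
EOF
}

# summarize_s_client: read s_client output on stdin, print key=value lines.
# chain_linked compares issuer and subject names only; the signature check
# itself is what "Verify return code" reports.
summarize_s_client() {
  awk '
    BEGIN { n = 0 }
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^---/   { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n] = $0 }
    in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss[n++] = $0 }
    /^New, / { split($0, f, ", "); proto = f[2]; sub(/^.*Cipher is /, ""); cipher = $0 }
    /^ *Verify return code:/ && !seen { seen = 1; sub(/^ *Verify return code: /, ""); verify = $0 }
    END {
      linked = "yes"
      for (i = 0; i + 1 < n; i++) if (iss[i] != subj[i + 1]) linked = "no"
      print "chain_length=" n; print "chain_linked=" linked
      print "protocol=" proto; print "cipher=" cipher; print "verify=" verify
    }'
}

# tls_ok: exit 0 only if verification passed and the protocol is TLS 1.2 or 1.3.
tls_ok() {
  summary=$(summarize_s_client)
  echo "$summary" | grep -qx 'verify=0 (ok)' &&
    echo "$summary" | grep -Eqx 'protocol=TLSv1\.[23]'
}

sample_output | summarize_s_client
```

`tls_ok` can gate a monitoring job: pipe the saved output into it and alert on a non-zero exit status.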

Every little helps! I hope this helps!

Steem On!~

Reposted to Computing & Technology

