Recent Changes - Search:


Code:


Social:


My journals will take the place of a blog. If you go to the Journal page there is an RSS feed to subscribe with.

(:blogcal group=Journal:)


Sites I take responsibility for

West Volusia, Florida

Documents

Technical

General

Me

Living

Places I frequent

Hobbies

Humor

Items for sale:


Clipboard

edit SideBar

SSL HOWTO's

Include our styles below Infobox - invoke as >>infobox<< ... >><<

Codebox: - invoke as >>codebox<< ... >><<

warnbox: - invoke as >>codebox<< ... >><<

editingbox: - invoke as >>codebox<< ... >><<

noticebox: - invoke as >>codebox<< ... >><<

Page bread crumbs: Main - MyPublicTechnicalNotes - SoftwareAndOperatingSystems - Software - Server - Web - SSL

Pages by tags: (:listtags:)
Subscribe to this wiki: RSS Feed RSS or subscribe to this page for changes: RSS Feed RSS
496 articles have been published so far. Recent changes
(:addThis btn="custom":)

2016-03-22: This site is being moved to my main site at https://kevininscoe.com/wiki as part of a consolidation to one domain.


See also Apache SSL Certificates

Testing a SSL servers certificate:

This is using OpenSSL

Check the default certificate server name:

This was done on a Linux host running

(:code lang=Bash wrap=80:) $ openssl version OpenSSL 1.0.1f 6 Jan 2014 $ nslookup encrypted.google.com Server: 10.88.58.26 Address: 10.88.58.26#53

Non-authoritative answer: encrypted.google.com canonical name = www3.l.google.com. Name: www3.l.google.com Address: 74.125.226.37 Name: www3.l.google.com Address: 74.125.226.38 Name: www3.l.google.com Address: 74.125.226.39 Name: www3.l.google.com Address: 74.125.226.40 Name: www3.l.google.com Address: 74.125.226.41 Name: www3.l.google.com Address: 74.125.226.46 Name: www3.l.google.com Address: 74.125.226.32 Name: www3.l.google.com Address: 74.125.226.33 Name: www3.l.google.com Address: 74.125.226.34 Name: www3.l.google.com Address: 74.125.226.35 Name: www3.l.google.com Address: 74.125.226.36

$ openssl s_client -connect 74.125.226.37:443 -servername encrypted.google.com CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com verify return:1 --- Certificate chain

 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

--- Server certificate


BEGIN CERTIFICATE-----

MIIHPzCCBiegAwIBAgIIYPRLWfstowgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMjEyMTQ1ODEwWhcNMTQwNjEyMDAwMDAw WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n b29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3GrFAAI chwKjqYKFad/RntsVBqu/kmn8tSMytNs4JrHlMCb6rVQhbus3l3OoDyD7+BVOGG2 qH90IDBr+BwuAOAyZ/uOPrkIqjFJalSsr/eD9+UA8JkM1+KtWa+XiceTr/phnqQB Lfaf6Vsl+ENXh8gBLBaA6EWxCPSAGq7tRi67i9VEOEA63sqnJjPqQGuBsqfRqw4s LF0gCo0IRcf7KjWWCj/M9bUZ3LR7aFvaA8fqWon7UQNLbCR0OdouUuV6kMBoA6QX abnbYuwBrs5RdYljyChBBay6yjfJPeU6G4/LnNwHm+RxdQieh1c/IxK3LdkveV19 Xvcd+I2TpwRUAQIDAQABo4IEDDCCBAgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMIIC4gYDVR0RBIIC2TCCAtWCDCouZ29vZ2xlLmNvbYINKi5hbmRyb2lk LmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29nbGUuY29t ghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUu Y2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28u dWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5j b20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2ds ZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xl LmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdv b2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0gg8qLmdvb2dsZWFwaXMu Y26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYINKi5n c3RhdGljLmNvbYIKKi5ndnQxLmNvbYIMKi51cmNoaW4uY29tghAqLnVybC5nb29n bGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1YmUuY29tghYq LnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5kcm9pZC5jb22C BGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22C Emdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUuYmWCC3lvdXR1 YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTBoBggrBgEFBQcBAQRcMFowKwYI KwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYB BQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYE FAd5xKqu42Xw8Q4AusFa9u0OJirvMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU St0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMDAG A1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmww DQYJKoZIhvcNAQEFBQADggEBABzroFpw20fXMQb1min8q0nVRQdT0hvgPmVSRQkk dZ0eTscsvTuSi3LKteen7P2zvi+a3LLCL0d23OnbFdZJFZ9JHYSgzXHRZWiTde8a ZhBmttbHhyenFGawGd8tPHcLvbW5siU/fbaHm0Y5dbD4Lhs622VPGWgFdCN61W82 9ie/wwpXgUpASGDv7eN1W1dFbS7O/EFqFTxyNdkNwliBtYrPt53m/J590bHgkqOn 4JuHfbqfhwiCKu2EN1rCTVteVAygNYTCC3AIKrbjZXlhpym1+fVPQbXmFUbIpLxX WCk1TIHDCtShQG/qAym1JweulHSeoE8bcxTr7Sqwa8+8Q4A=


END CERTIFICATE-----

subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2 --- No client certificate CA names sent --- SSL handshake has read 4477 bytes and written 475 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session:

    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 62B47A4AABF8EE6CD47A1B745584EC1B0E38E9621D19646EB16219DEFA440AA3
    Session-ID-ctx: 
    Master-Key: 98EC19CB3063798F08F548DD4F3D939FC6823F344B31C093541B0CBCDA1FA3676D3B34E8AF9E5602C1148FD211177475
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 97 85 f0 5f ed 87 4d a4-5f 22 e7 4c b6 d5 22 be   ..._..M._".L..".
    0010 - 81 b5 bd 27 9b c4 7c 75-84 e0 5e ff 4c c1 db 7f   ...'..|u..^.L...
    0020 - 61 8e 42 b8 9e ef 7a 9f-3f c0 7a 55 5d d1 20 69   a.B...z.?.zU]. i
    0030 - 81 8d 8d 30 fe bf 01 d5-08 fc 87 c3 69 5e 2a ce   ...0........i^*.
    0040 - 12 be 81 59 9b a8 aa 0a-45 0f b6 1c 55 b4 95 77   ...Y....E...U..w
    0050 - 54 4f c3 af 94 72 1d c5-b7 6b 9b b9 75 3a f5 f5   TO...r...k..u:..
    0060 - 33 f9 9a 27 39 bb a5 45-a1 32 98 cf 76 e5 2c d1   3..'9..E.2..v.,.
    0070 - c6 81 9d 84 21 45 db d0-98 01 fe 87 1b 5d e5 9c   ....!E.......]..
    0080 - 06 bb 95 ff ff f0 93 90-f7 b6 b2 2d e9 6f 56 24   ...........-.oV$
    0090 - 01 6c b7 e4 e1 e4 cf cf-a2 47 c4 6f 34 f6 b6 eb   .l.......G.o4...
    00a0 - 81 d4 a4 2b 34 ae 31 14-12 fa 52 a9 1f c5 f5 c5   ...+4.1...R.....
    00b0 - a5 76 c4 a7                                       .v..

    Start Time: 1393262327
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

--- ^C (:codeend:)


Kevin's Public Wiki maintained and created by Kevin P. Inscoe is licensed under a
Creative Commons Attribution 3.0 United States License.

Back to my web site - http://kevininscoe.com

Edit - History - Print - Recent Changes - Search
Page last modified on February 24, 2014, at 03:26 PM EST