User Tools

Site Tools


indexes:run_a_test_client

If you have a server which accepts SSL connections and would like to verify that server, OpenSSL has a command that implements a generic SSL/TLS client which connects to a remote host. It is a useful diagnostic utility when you don't want to use a full-featured client to test the SSL connection.

When you run the client you will see the response from the server, typically the results of the SSL handshake. Here's a typical openssl command to start a test client and the resulting response from a test server:

        > openssl s_client -connect localhost:9000 -CApath /etc/grid-security/certificates
        CONNECTED(00000003)
        depth=0 /C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
        verify error:num=18:self signed certificate
        verify return:1
        depth=0 /C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
        verify return:1
        ---
        Certificate chain
         0 s:/C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
           i:/C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
        ---
        Server certificate
        -----BEGIN CERTIFICATE-----
        MIIDdTCCAt6gAwIBAgIJAI+DwwKU64gxMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYD
        VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG
        A1UEChMETkNTQTEaMBgGA1UEAxMRd3d3Lm5jc2EudWl1Yy5lZHUxJjAkBgkqhkiG
        9w0BCQEWF3dlYm1hc3RlckBuY3NhLnVpdWMuZWR1MB4XDTA2MDMwNzE5MTU0NloX
        DTA3MDMwNzE5MTU0NlowgYQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9p
        czEPMA0GA1UEBxMGVXJiYW5hMQ0wCwYDVQQKEwROQ1NBMRowGAYDVQQDExF3d3cu
        bmNzYS51aXVjLmVkdTEmMCQGCSqGSIb3DQEJARYXd2VibWFzdGVyQG5jc2EudWl1
        Yy5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANXMAH439JNT5EMs6+Jg
        c8wYNMjakffoRqIohYRb2jJpmaFtCBTskK/dzMcuAjc0/O74qcuSbeL1dJknNJQu
        2KoK8teJC0/wnltrt6Wt3mi11Es3REnukn94YvMjPiTcLqyCdybJzIFQIwpUs+2c
        pSCkHPrds+5XDtm6QSeb1qzjAgMBAAGjgewwgekwHQYDVR0OBBYEFJ0f4iq9saQ1
        Br+bbfj/6mO1KGpHMIG5BgNVHSMEgbEwga6AFJ0f4iq9saQ1Br+bbfj/6mO1KGpH
        oYGKpIGHMIGEMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNV
        BAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEaMBgGA1UEAxMRd3d3Lm5jc2EudWl1
        Yy5lZHUxJjAkBgkqhkiG9w0BCQEWF3dlYm1hc3RlckBuY3NhLnVpdWMuZWR1ggkA
        j4PDApTriDEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbdDKNLTJ4
        bJvybjjAqdGzWvu7rX6RExZYm0RuJGK8XSb2CuNhaY/Y7Dp3k2Nb4P9spZlYP9qR
        ZDmx2lUPhL5SEKLSbTk+Grsj4GdxknkT7+8c58mNHTCnxF3XLMk016hYRc+SFiK7
        VaoZ9xdS3g7vKvRO9a+kWD3C3j+ceKaf+g==
        -----END CERTIFICATE-----
        subject=/C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
        issuer=/C=US/ST=Illinois/L=Urbana/O=NCSA/CN=www.ncsa.uiuc.edu/emailAddress=webmaster@ncsa.uiuc.edu
        ---
        No client certificate CA names sent
        ---
        SSL handshake has read 1325 bytes and written 276 bytes
        ---
        New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
        Server public key is 1024 bit
        Compression: NONE
        Expansion: NONE
        SSL-Session:
            Protocol  : TLSv1
            Cipher    : DHE-RSA-AES256-SHA
            Session-ID: 8B3CE529A77AE42B854B0A4A2083BF5E75DB0BE9B8E2847479441F4F70AEA8E6
            Session-ID-ctx: 
            Master-Key: BBEDB1ABC87B9E0B7D3576FFD8FC24E4E432E809D881189A7159EA5DA12211E9329C7B422078041F67D0847498AF27DB
            Key-Arg   : None
            Start Time: 1141759882
            Timeout   : 300 (sec)
            Verify return code: 18 (self signed certificate)
        ---

You can see here that the server is using a self-signed certificate. Upon successful connection, the SSL channel is typically left open. Anything you type at this point will be sent to the server. To quit the client, you can either type <CTRL>-C or the single character “Q”. There are many other options for the test client, such as using a client certificate, disabling certain SSL or TLS protocols, etc. For a full list of command line options, run man s_client.

Getting the certificate chain run:

tdd@dubex-tdd:~$ openssl s_client -showcerts -connect  www.thawte.com:443
CONNECTED(00000003)
depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=V1.0, Clause 5.(b)/O=Thawte Inc/serialNumber=3898261/C=US/ST=California/L=Mountain View/OU=Production Security Services/CN=www.thawte.com
   i:/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQQrr6Dr8o8Ly6JILi0YxRdTANBgkqhkiG9w0BAQUFADCB
izELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE5MDcGA1UECxMw
VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzIChjKTA2
MSowKAYDVQQDEyF0aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTU0wgQ0EwHhcN
MDkxMTExMDAwMDAwWhcNMTExMTExMjM1OTU5WjCB7jETMBEGCysGAQQBgjc8AgED
EwJVUzEZMBcGCysGAQQBgjc8AgECFAhEZWxhd2FyZTEbMBkGA1UEDxMSVjEuMCwg
Q2xhdXNlIDUuKGIpMRMwEQYDVQQKFApUaGF3dGUgSW5jMRAwDgYDVQQFEwczODk4
MjYxMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQN
TW91bnRhaW4gVmlldzElMCMGA1UECxQcUHJvZHVjdGlvbiBTZWN1cml0eSBTZXJ2
aWNlczEXMBUGA1UEAxQOd3d3LnRoYXd0ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9Fs2uUqKrVEjFv0y2fTNqOd5P4k1UWCIruSDDB9PTawI9
3SDFr9aXyPJLzzqp8H6F0Mrcr7hT2YaUD8ZzYVUginoZqpiIeDv1y0Bu94KHqm3H
1u4GJ+/5mqAPWe4YYSu3A717bhpeUdH0ssA13f0CNfgvg+EjwYsxTk0zewA6HaPY
jIsYXmBOo5MaXhVmhqfLuHwitNaIReUazInjlqrRpCvx6LCSuT8aCjNmEwPy45Cd
g0/VV7tG9aanggdHd7m3sd3ni2PlRJvpsfJA4H5t8I8dYQpNZLuGvcNUdRGlniGW
b1NIelcOZH5OWESgyx5j7JvDo3q9UJEe21ZjlIOXAgMBAAGjggFwMIIBbDAlBgNV
HREEHjAcggp0aGF3dGUuY29tgg53d3cudGhhd3RlLmNvbTAMBgNVHRMBAf8EAjAA
MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVF
VkNBMjAwNi5jcmwwQgYDVR0gBDswOTA3BgtghkgBhvhFAQcwATAoMCYGCCsGAQUF
BwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUzTLi8l0lRwKqj3lLMu4Dmf0wSdEw
dgYIKwYBBQUHAQEEajBoMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUu
Y29tMEIGCCsGAQUFBzAChjZodHRwOi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9y
eS9UaGF3dGVfRVZfQ0FfMjAwNi5jcnQwDQYJKoZIhvcNAQEFBQADggEBALFeAOTD
BhUQbP0mTAPkmgVw3b6YFveeEkCo1wWkXI63Qg2e/Csz7lIdN4odYfCGGGDId0qw
9lXIWEJb+BzHnelM+/jlBvrsRyMb4Rv24apOsXw8IXMoVkxp+9sop4cZhvKK7ygG
gEjy0DmN48Y6hU36ikdSz1RZeXRMPODFjmyBPlBm79eimsAv/u8teh8bZEZ8wvj/
Z7WwefTa6k3wjmBwcA+ZE+zDw6c2hfGNDxuAPGSSybO94nUfX+jIl7AejnPbYxzt
GFM/txx1R/pkQCc5LyavnblUjIJevq8XScX46QRIJ/GzNKobu+E3WJ/5nhxtQBzQ
ZHQGr0/1UrHnIW0=
-----END CERTIFICATE-----
 1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
-----BEGIN CERTIFICATE-----
MIIFUTCCBLqgAwIBAgIQX6a+gLaGxi8B7QyrsZahBTANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA2MTExNzAwMDAwMFoXDTIwMTIzMDIzNTk1OVow
gakxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xKDAmBgNVBAsT
H0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhjKSAy
MDA2IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD
VQQDExZ0aGF3dGUgUHJpbWFyeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArKDw+4BZ1JzHpM+doVlzCRBFDA0sbmjxbFtIaElZN/wLMxnC
d3/MEC2VNBzm600JpxzSuMmXNgK3idQkXwbAzESUlI0CYm/rWt0RjSiaXISQEHoN
vXRmL2o4oOLVVETrHQefB7pv7un9Tgsp9T6EoAHxnKv4HH6JpOih2HFlDaNRe+68
0iJgDblbnd+6/FFbC6+Ysuku6QToYofeK8jXTsFMZB7dz4dYukpPymgHHRydSsbV
L5HMfHFyHMXAZ+sy/cmSXJTahcCbv1N9Kwn0jJ2RH5dqUsveCTakd9h7h1BE1T5u
KWn7OUkmHgmlgHtALevoJ4XJ/mH9fuZ8lx3VnQIDAQABo4IBzTCCAckwDwYDVR0T
AQH/BAUwAwEB/zA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0
cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW
BBR7W0XPr87Lev0xkhpqtvNG61dIUDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8v
Y3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAgBgNVHSUE
GTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwgeUGA1UdIwSB3TCB2qGB1KSB0TCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tggEBMA0GCSqGSIb3DQEBBQUAA4GBACvKEsnd18xjHJsx
NUrd5Lf2ndGk+x74R/muB44NWBL72u21zDPll2hHYULVZqluHke/hdt9WNF3WsyQ
YZiaKfWdsc+43PN7gEdI0X30aIzEQcu06f3wI+Cxm3YqbShWo4zN6ewhAHHwX91Q
pWlCG4MRXYQo0yeu7CqrL2BCxcR4
-----END CERTIFICATE-----
 2 s:/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIQexFV63iakIW1jJL/Qrf+VjANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMTYx
MTE2MjM1OTU5WjCBizELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
LjE5MDcGA1UECxMwVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnRoYXd0ZS5j
b20vY3BzIChjKTA2MSowKAYDVQQDEyF0aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlv
biBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1jUf3sEh2
m737qcu/BDGiPZp+MCnTKLj+aM7P6TBqU5UOUGWAJsmYv/IU/wZ8anvcUAfimPrf
zzBdyqi5ipstLX5Zixr3s8nDaYAPiRkId7JSVa14g51ruYfkUyQ3LPwZDot5FE2+
gJ60m3N0MfI47IqvKjaOZM4xJhQDVFOO+4QIwX5HMj1x4Lq6jIJYlk1oQ1Ya80Za
MpmVsGBv6UGKSMwWDURosYrd3Rc9pJt4fy4pBvDc1dITP8A2Bf3HtbmAG4pGdC/x
q3mel274pRNa8/y118iWGTfuBrzGJxSBBRQzOBafS+IP2zi78wHvNS7er/Hkb2/3
lgBWXo9glB0vAgMBAAGjggFIMIIBRDA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUH
MAGGH2h0dHA6Ly9FVlNlY3VyZS1vY3NwLnRoYXd0ZS5jb20wEgYDVR0TAQH/BAgw
BgEB/wIBADA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cHM6
Ly93d3cudGhhd3RlLmNvbS9jcHMwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2Ny
bC50aGF3dGUuY29tL1RoYXd0ZVBDQS5jcmwwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
EQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWwzLTIwNDgtMjM0MB0GA1Ud
DgQWBBTNMuLyXSVHAqqPeUsy7gOZ/TBJ0TAfBgNVHSMEGDAWgBR7W0XPr87Lev0x
khpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAC7SWzgMM0Z2vy+M5Vg3GIqDJ
cX3qZZUx8dy2HvKNMV1hs1SEE8wrPwJcxx8VAYKQHjElBuMyDIfww76axABB9saR
5Ww+kl2j5D0fMi0xHlDBAiG0I+MHdZpSRVH60x39AW9gbSXZv0Oxp0NsrYy7vPeZ
QevWlc8gXH5vxCraS00bW8KfsJTUv0eX/Z1JeWCOrpYZobDr6N9CxyJ0YQwlo3+P
RdJ+50puHU9Iu8LaGn5KWYH6HOP7FHNBA6F3+psG/HwzvUY9DAYXhXsqe+M26IPf
+qrLMgx5qoZ0bERU9tgHns2Y9CMFCS+iU7XbCoHMXyPLeRHFEVuFaycBifMOuw==
-----END CERTIFICATE-----
---
Server certificate
subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=V1.0, Clause 5.(b)/O=Thawte Inc/serialNumber=3898261/C=US/ST=California/L=Mountain View/OU=Production Security Services/CN=www.thawte.com
issuer=/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 4767 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 6274CB4BED481258C9380422F7DEF7BBA84A450C09FFC5B07DA46054B7E932B7
    Session-ID-ctx: 
    Master-Key: 6EA318E95767665AA3D479F2EFD9ADC81E3D9A8D4757885C4E7E3A4133BABDBED74CF4D633B4F962CF86D7A35D63A442
    Key-Arg   : None
    Start Time: 1284117752
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
indexes/run_a_test_client.txt · Last modified: d/m/Y H:i by domingo