openssl s_client command

I recently discovered the openssl commandline tool, and it seems to be a veritable swiss-army knife of useful stuff for working with ssl.  I use the -s_client subcommand all the time to verify the ssl cerificate details for a given target server as follows:

>openssl s_client -connect <host>:<port>

The output includes the raw server certificate itself (just the public key), the CA chain, and the subject name(s) as well.  There are many cases where a system might have multiple certs installed but you’re not sure which cert a given system/service is presenting.  The openssl command makes things much clearer.

It’s also nice that the s_client subcommand (and possible everything this tool does?) is completely protocol/service agnostic, so you can see the cert details for any arbitrary ssl-enabled service (https, ldaps…).  Apparently you can run a simple ssl server by specifying a cert file as well.  Cool!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s