howtos:run_a_test_client

Differences

This shows you the differences between two versions of the page.

Next revision
Previous revision
howtos:run_a_test_client [d/m/Y H:i]
127.0.0.1 external edit
howtos:run_a_test_client [d/m/Y H:i] (current)
Line 1: Line 1:
-If you have a server which accepts SSL connections and would like to verify that server, OpenSSL has command that implements a generic ​SSL/​TLS ​client which connects to a remote host. It is a useful diagnostic utility when you don't want to use a full-featured client to test the SSL connection.+Here are some simple commands ​you can use to test a SSL/​TLS ​enabled site or service.
  
-When you run the client you will see the response from the server, typically the results of the SSL handshake. Here's a typical openssl command to start a test client and the resulting response from a test server:+=== Simple Connect ===
  
-          ​> openssl s_client -connect ​localhost:​9000 -CApath /​etc/​grid-security/​certificates +<code> 
-          CONNECTED(00000003) +openssl s_client -connect ​dr.dk:443 
-          depth=0 /​C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu +</code>
-          verify error:num=18:self signed certificate +
-          ​verify return:1 +
-          depth=0 ​/C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu +
-          verify return:1 +
-          --- +
-          Certificate chain +
-           0 s:/​C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu +
-             ​i:/​C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu +
-          --- +
-          Server certificate +
-          -----BEGIN CERTIFICATE----- +
-          MIIDdTCCAt6gAwIBAgIJAI+DwwKU64gxMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYD +
-          VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG +
-          A1UEChMETkNTQTEaMBgGA1UEAxMRd3d3Lm5jc2EudWl1Yy5lZHUxJjAkBgkqhkiG +
-          9w0BCQEWF3dlYm1hc3RlckBuY3NhLnVpdWMuZWR1MB4XDTA2MDMwNzE5MTU0NloX +
-          DTA3MDMwNzE5MTU0NlowgYQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9p +
-          czEPMA0GA1UEBxMGVXJiYW5hMQ0wCwYDVQQKEwROQ1NBMRowGAYDVQQDExF3d3cu +
-          bmNzYS51aXVjLmVkdTEmMCQGCSqGSIb3DQEJARYXd2VibWFzdGVyQG5jc2EudWl1 +
-          Yy5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANXMAH439JNT5EMs6+Jg +
-          c8wYNMjakffoRqIohYRb2jJpmaFtCBTskK/​dzMcuAjc0/​O74qcuSbeL1dJknNJQu +
-          2KoK8teJC0/​wnltrt6Wt3mi11Es3REnukn94YvMjPiTcLqyCdybJzIFQIwpUs+2c +
-          pSCkHPrds+5XDtm6QSeb1qzjAgMBAAGjgewwgekwHQYDVR0OBBYEFJ0f4iq9saQ1 +
-          Br+bbfj/​6mO1KGpHMIG5BgNVHSMEgbEwga6AFJ0f4iq9saQ1Br+bbfj/​6mO1KGpH +
-          oYGKpIGHMIGEMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNV +
-          BAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEaMBgGA1UEAxMRd3d3Lm5jc2EudWl1 +
-          Yy5lZHUxJjAkBgkqhkiG9w0BCQEWF3dlYm1hc3RlckBuY3NhLnVpdWMuZWR1ggkA +
-          j4PDApTriDEwDAYDVR0TBAUwAwEB/​zANBgkqhkiG9w0BAQUFAAOBgQCbdDKNLTJ4 +
-          bJvybjjAqdGzWvu7rX6RExZYm0RuJGK8XSb2CuNhaY/​Y7Dp3k2Nb4P9spZlYP9qR +
-          ZDmx2lUPhL5SEKLSbTk+Grsj4GdxknkT7+8c58mNHTCnxF3XLMk016hYRc+SFiK7 +
-          VaoZ9xdS3g7vKvRO9a+kWD3C3j+ceKaf+g== +
-          -----END CERTIFICATE----- +
-          subject=/​C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu +
-          issuer=/​C=US/​ST=Illinois/​L=Urbana/​O=NCSA/​CN=www.ncsa.uiuc.edu/​emailAddress=webmaster@ncsa.uiuc.edu +
-          --- +
-          No client certificate CA names sent +
-          --- +
-          SSL handshake has read 1325 bytes and written 276 bytes +
-          --- +
-          New, TLSv1/​SSLv3,​ Cipher is DHE-RSA-AES256-SHA +
-          Server public key is 1024 bit +
-          Compression:​ NONE +
-          Expansion: NONE +
-          SSL-Session:​ +
-              Protocol ​ : TLSv1 +
-              Cipher ​   : DHE-RSA-AES256-SHA +
-              Session-ID: 8B3CE529A77AE42B854B0A4A2083BF5E75DB0BE9B8E2847479441F4F70AEA8E6 +
-              Session-ID-ctx:​  +
-              Master-Key: BBEDB1ABC87B9E0B7D3576FFD8FC24E4E432E809D881189A7159EA5DA12211E9329C7B422078041F67D0847498AF27DB +
-              Key-Arg ​  : None +
-              Start Time: 1141759882 +
-              Timeout ​  : 300 (sec) +
-              Verify return ​code: 18 (self signed certificate) +
-          ---+
  
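Review bot: The new "Simple Connect" section leaves the reader with a bare command and nothing that says what a result looks like, because the whole sample session was removed along with the intro. The removed output contained the lines a reader most needs to recognise, "verify error:num=18:self signed certificate" and "Verify return code: 18 (self signed certificate)". I would keep a trimmed excerpt with just those lines and the "Cipher is ..." line, and leave out the PEM body and the Session-ID and Master-Key values. Small wording point in the new intro: "a SSL/TLS enabled site" should read "an SSL/TLS-enabled site".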
-You can see here that the server is using a self-signed certificate. Upon successful connection, the SSL channel is typically left open. Anything you type at this point will be sent to the server. To quit the client, you can either type <​CTRL>​-C or the single character "​Q"​. There are many other options for the test client, such as using a client certificate,​ disabling certain SSL or TLS protocols, etc. For a full list of command line options, run man s_client.+=== Test with CA Validation ===
  
 +<​code>​
 +openssl s_client -connect localhost:​9000 -CApath /​etc/​grid-security/​certificates
 +</​code>​
  
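Review bot: The heading "Test with CA Validation" suggests the command fails when validation fails, but the sample removed above for this same command (localhost:9000 with -CApath /etc/grid-security/certificates) shows the handshake completing with "Cipher is DHE-RSA-AES256-SHA" after "verify error:num=18". The section should say that the result has to be read from the "Verify return code" line of the output. The paragraph removed here also told the reader that the channel stays open after connecting, that typed input is sent to the server, that CTRL-C or "Q" quits, and that man s_client lists the options; none of that survives in the new text, and one sentence of it is worth keeping under the first example.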
-Getting the certificate chain run:+=== Test a SMTP server ===
  
 <​code>​ <​code>​
-tdd@dubex-tdd:​~$ ​openssl s_client ​-showcerts ​-connect ​ www.thawte.com:443 +openssl s_client -connect ​mail.example.com:25 -starttls smtp 
-CONNECTED(00000003) +</code>
-depth=2 /​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=(c) 2006 thawte, Inc. For authorized use only/​CN=thawte Primary Root CA +
-verify error:​num=20:​unable to get local issuer certificate +
-verify return:0 +
---- +
-Certificate chain +
- 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/​1.3.6.1.4.1.311.60.2.1.2=Delaware/​2.5.4.15=V1.0,​ Clause 5.(b)/​O=Thawte Inc/​serialNumber=3898261/​C=US/​ST=California/​L=Mountain View/​OU=Production Security Services/​CN=www.thawte.com +
-   ​i:/​C=US/​O=thawte,​ Inc./​OU=Terms of use at https://​www.thawte.com/​cps (c)06/​CN=thawte Extended Validation SSL CA +
------BEGIN CERTIFICATE----- +
-MIIFdzCCBF+gAwIBAgIQQrr6Dr8o8Ly6JILi0YxRdTANBgkqhkiG9w0BAQUFADCB +
-izELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE5MDcGA1UECxMw +
-VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzIChjKTA2 +
-MSowKAYDVQQDEyF0aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTU0wgQ0EwHhcN +
-MDkxMTExMDAwMDAwWhcNMTExMTExMjM1OTU5WjCB7jETMBEGCysGAQQBgjc8AgED +
-EwJVUzEZMBcGCysGAQQBgjc8AgECFAhEZWxhd2FyZTEbMBkGA1UEDxMSVjEuMCwg +
-Q2xhdXNlIDUuKGIpMRMwEQYDVQQKFApUaGF3dGUgSW5jMRAwDgYDVQQFEwczODk4 +
-MjYxMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQN +
-TW91bnRhaW4gVmlldzElMCMGA1UECxQcUHJvZHVjdGlvbiBTZWN1cml0eSBTZXJ2 +
-aWNlczEXMBUGA1UEAxQOd3d3LnRoYXd0ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA +
-A4IBDwAwggEKAoIBAQC9Fs2uUqKrVEjFv0y2fTNqOd5P4k1UWCIruSDDB9PTawI9 +
-3SDFr9aXyPJLzzqp8H6F0Mrcr7hT2YaUD8ZzYVUginoZqpiIeDv1y0Bu94KHqm3H +
-1u4GJ+/​5mqAPWe4YYSu3A717bhpeUdH0ssA13f0CNfgvg+EjwYsxTk0zewA6HaPY +
-jIsYXmBOo5MaXhVmhqfLuHwitNaIReUazInjlqrRpCvx6LCSuT8aCjNmEwPy45Cd +
-g0/​VV7tG9aanggdHd7m3sd3ni2PlRJvpsfJA4H5t8I8dYQpNZLuGvcNUdRGlniGW +
-b1NIelcOZH5OWESgyx5j7JvDo3q9UJEe21ZjlIOXAgMBAAGjggFwMIIBbDAlBgNV +
-HREEHjAcggp0aGF3dGUuY29tgg53d3cudGhhd3RlLmNvbTAMBgNVHRMBAf8EAjAA +
-MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVF +
-VkNBMjAwNi5jcmwwQgYDVR0gBDswOTA3BgtghkgBhvhFAQcwATAoMCYGCCsGAQUF +
-BwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczAdBgNVHSUEFjAUBggrBgEF +
-BQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUzTLi8l0lRwKqj3lLMu4Dmf0wSdEw +
-dgYIKwYBBQUHAQEEajBoMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUu +
-Y29tMEIGCCsGAQUFBzAChjZodHRwOi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9y +
-eS9UaGF3dGVfRVZfQ0FfMjAwNi5jcnQwDQYJKoZIhvcNAQEFBQADggEBALFeAOTD +
-BhUQbP0mTAPkmgVw3b6YFveeEkCo1wWkXI63Qg2e/​Csz7lIdN4odYfCGGGDId0qw +
-9lXIWEJb+BzHnelM+/​jlBvrsRyMb4Rv24apOsXw8IXMoVkxp+9sop4cZhvKK7ygG +
-gEjy0DmN48Y6hU36ikdSz1RZeXRMPODFjmyBPlBm79eimsAv/​u8teh8bZEZ8wvj/​ +
-Z7WwefTa6k3wjmBwcA+ZE+zDw6c2hfGNDxuAPGSSybO94nUfX+jIl7AejnPbYxzt +
-GFM/​txx1R/​pkQCc5LyavnblUjIJevq8XScX46QRIJ/​GzNKobu+E3WJ/​5nhxtQBzQ +
-ZHQGr0/​1UrHnIW0= +
------END CERTIFICATE----- +
- 1 s:/​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=(c) 2006 thawte, Inc. - For authorized use only/​CN=thawte Primary Root CA +
-   ​i:/​C=ZA/​ST=Western Cape/L=Cape Town/​O=Thawte Consulting cc/​OU=Certification Services Division/​CN=Thawte Premium Server CA/​emailAddress=premium-server@thawte.com +
------BEGIN CERTIFICATE----- +
-MIIFUTCCBLqgAwIBAgIQX6a+gLaGxi8B7QyrsZahBTANBgkqhkiG9w0BAQUFADCB +
-zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ +
-Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE +
-CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh +
-d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl +
-cnZlckB0aGF3dGUuY29tMB4XDTA2MTExNzAwMDAwMFoXDTIwMTIzMDIzNTk1OVow +
-gakxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xKDAmBgNVBAsT +
-H0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhjKSAy +
-MDA2IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD +
-VQQDExZ0aGF3dGUgUHJpbWFyeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +
-AQ8AMIIBCgKCAQEArKDw+4BZ1JzHpM+doVlzCRBFDA0sbmjxbFtIaElZN/​wLMxnC +
-d3/​MEC2VNBzm600JpxzSuMmXNgK3idQkXwbAzESUlI0CYm/​rWt0RjSiaXISQEHoN +
-vXRmL2o4oOLVVETrHQefB7pv7un9Tgsp9T6EoAHxnKv4HH6JpOih2HFlDaNRe+68 +
-0iJgDblbnd+6/​FFbC6+Ysuku6QToYofeK8jXTsFMZB7dz4dYukpPymgHHRydSsbV +
-L5HMfHFyHMXAZ+sy/​cmSXJTahcCbv1N9Kwn0jJ2RH5dqUsveCTakd9h7h1BE1T5u +
-KWn7OUkmHgmlgHtALevoJ4XJ/​mH9fuZ8lx3VnQIDAQABo4IBzTCCAckwDwYDVR0T +
-AQH/​BAUwAwEB/​zA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0 +
-cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwDgYDVR0PAQH/​BAQDAgEGMB0GA1UdDgQW +
-BBR7W0XPr87Lev0xkhpqtvNG61dIUDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8v +
-Y3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAgBgNVHSUE +
-GTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwgeUGA1UdIwSB3TCB2qGB1KSB0TCB +
-zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ +
-Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE +
-CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh +
-d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl +
-cnZlckB0aGF3dGUuY29tggEBMA0GCSqGSIb3DQEBBQUAA4GBACvKEsnd18xjHJsx +
-NUrd5Lf2ndGk+x74R/​muB44NWBL72u21zDPll2hHYULVZqluHke/​hdt9WNF3WsyQ +
-YZiaKfWdsc+43PN7gEdI0X30aIzEQcu06f3wI+Cxm3YqbShWo4zN6ewhAHHwX91Q +
-pWlCG4MRXYQo0yeu7CqrL2BCxcR4 +
------END CERTIFICATE----- +
- 2 s:/​C=US/​O=thawte,​ Inc./​OU=Terms of use at https://​www.thawte.com/​cps (c)06/​CN=thawte Extended Validation SSL CA +
-   ​i:/​C=US/​O=thawte,​ Inc./​OU=Certification Services Division/​OU=(c) 2006 thawte, Inc. - For authorized use only/​CN=thawte Primary Root CA +
------BEGIN CERTIFICATE----- +
-MIIFCjCCA/​KgAwIBAgIQexFV63iakIW1jJL/​Qrf+VjANBgkqhkiG9w0BAQUFADCB +
-qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +
-Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +
-MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +
-BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMTYx +
-MTE2MjM1OTU5WjCBizELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +
-LjE5MDcGA1UECxMwVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnRoYXd0ZS5j +
-b20vY3BzIChjKTA2MSowKAYDVQQDEyF0aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlv +
-biBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1jUf3sEh2 +
-m737qcu/​BDGiPZp+MCnTKLj+aM7P6TBqU5UOUGWAJsmYv/​IU/​wZ8anvcUAfimPrf +
-zzBdyqi5ipstLX5Zixr3s8nDaYAPiRkId7JSVa14g51ruYfkUyQ3LPwZDot5FE2+ +
-gJ60m3N0MfI47IqvKjaOZM4xJhQDVFOO+4QIwX5HMj1x4Lq6jIJYlk1oQ1Ya80Za +
-MpmVsGBv6UGKSMwWDURosYrd3Rc9pJt4fy4pBvDc1dITP8A2Bf3HtbmAG4pGdC/​x +
-q3mel274pRNa8/​y118iWGTfuBrzGJxSBBRQzOBafS+IP2zi78wHvNS7er/​Hkb2/​3 +
-lgBWXo9glB0vAgMBAAGjggFIMIIBRDA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUH +
-MAGGH2h0dHA6Ly9FVlNlY3VyZS1vY3NwLnRoYXd0ZS5jb20wEgYDVR0TAQH/​BAgw +
-BgEB/​wIBADA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cHM6 +
-Ly93d3cudGhhd3RlLmNvbS9jcHMwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2Ny +
-bC50aGF3dGUuY29tL1RoYXd0ZVBDQS5jcmwwDgYDVR0PAQH/​BAQDAgEGMC4GA1Ud +
-EQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWwzLTIwNDgtMjM0MB0GA1Ud +
-DgQWBBTNMuLyXSVHAqqPeUsy7gOZ/​TBJ0TAfBgNVHSMEGDAWgBR7W0XPr87Lev0x +
-khpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAC7SWzgMM0Z2vy+M5Vg3GIqDJ +
-cX3qZZUx8dy2HvKNMV1hs1SEE8wrPwJcxx8VAYKQHjElBuMyDIfww76axABB9saR +
-5Ww+kl2j5D0fMi0xHlDBAiG0I+MHdZpSRVH60x39AW9gbSXZv0Oxp0NsrYy7vPeZ +
-QevWlc8gXH5vxCraS00bW8KfsJTUv0eX/​Z1JeWCOrpYZobDr6N9CxyJ0YQwlo3+P +
-RdJ+50puHU9Iu8LaGn5KWYH6HOP7FHNBA6F3+psG/​HwzvUY9DAYXhXsqe+M26IPf +
-+qrLMgx5qoZ0bERU9tgHns2Y9CMFCS+iU7XbCoHMXyPLeRHFEVuFaycBifMOuw== +
------END CERTIFICATE----- +
---- +
-Server certificate +
-subject=/​1.3.6.1.4.1.311.60.2.1.3=US/​1.3.6.1.4.1.311.60.2.1.2=Delaware/​2.5.4.15=V1.0,​ Clause 5.(b)/​O=Thawte Inc/​serialNumber=3898261/​C=US/​ST=California/​L=Mountain View/​OU=Production Security Services/​CN=www.thawte.com +
-issuer=/​C=US/​O=thawte,​ Inc./​OU=Terms of use at https://​www.thawte.com/​cps (c)06/​CN=thawte Extended Validation SSL CA +
---- +
-No client certificate CA names sent +
---- +
-SSL handshake has read 4767 bytes and written 319 bytes +
---- +
-New, TLSv1/​SSLv3,​ Cipher is DHE-RSA-AES256-SHA +
-Server public key is 2048 bit +
-Secure Renegotiation IS supported +
-Compression:​ NONE +
-Expansion: NONE +
-SSL-Session:​ +
-    Protocol ​ : TLSv1 +
-    Cipher ​   : DHE-RSA-AES256-SHA +
-    Session-ID: 6274CB4BED481258C9380422F7DEF7BBA84A450C09FFC5B07DA46054B7E932B7 +
-    Session-ID-ctx:​  +
-    Master-Key: 6EA318E95767665AA3D479F2EFD9ADC81E3D9A8D4757885C4E7E3A4133BABDBED74CF4D633B4F962CF86D7A35D63A442 +
-    Key-Arg ​  : None +
-    Start Time: 1284117752 +
-    Timeout ​  : 300 (sec) +
-    Verify return ​code: 20 (unable to get local issuer certificate) +
----+
  
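Review bot: "Test a SMTP server" should read "Test an SMTP server", and the section gives the command without saying what -starttls smtp is for or what to look for in the output. The command also carries no CA option; the removed www.thawte.com sample, which had none either, ended in "Verify return code: 20 (unable to get local issuer certificate)", so a line stating whether -CApath is expected here would save the reader from misreading that result.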
 +=== Test with Displayed Certificates ====
 +
 +<​code>​
 +openssl s_client -showcerts -connect ​ www.thawte.com:​443
 </​code>​ </​code>​
  
  
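Review bot: The added heading "=== Test with Displayed Certificates ====" opens with three equals signs and closes with four, so the markup is unbalanced and will not match the other three headings. The command line also has two spaces between -connect and www.thawte.com:443. Since the chain dump was removed, a one-line description of what -showcerts adds (the removed output listed certificates 0, 1 and 2 with their s: and i: lines) would keep the point of this section without the PEM blocks.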
howtos/run_a_test_client.1503675960.txt.gz · Last modified: d/m/Y H:i (external edit)