How to check the details of a server certificate?

Blog Post created by Patrick-Dussault Employee on Mar 2, 2016

You can get all the information about a server certificate by running this command:

# openssl s_client -connect ip_of_LDAP:port -crlf -no_ssl2

CONNECTED(00000003)
depth=2 CN = NITJU01-VM48583-CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore
   i:/CN=lab-NITJU01-VM91700-CA
1 s:/CN=lab-NITJU01-VM91700-CA
   i:/CN=NITJU01-VM48583-CA
2 s:/CN=NITJU01-VM48583-CA
   i:/CN=NITJU01-VM48583-CA
---
Server certificate
subject=/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore
issuer=/CN=lab-NITJU01-VM91700-CA
---
No client certificate CA names sent
Client Certificate Types: RSA fixed DH, DSS fixed DH, RSA sign, DSA sign
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 3700 bytes and written 414 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 8B533298A81A78E203A9584B93D1FC6AA2048D97521B43A1119A46181208196B
    Session-ID-ctx:
    Master-Key: 4A43728FF50E22F297E2C4947900DCA655075091EB61460044444BB8EAFFC792F199912E9A664AC663E3004FCF566A17
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    Start Time: 1456921675
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

read:errno=0

 

If you want all the certificates from the certificate chain, along with the other details:

# openssl s_client -connect ip_of_LDAP:port -showcerts

CONNECTED(00000003)
depth=2 CN = NITJU01-VM48583-CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore
   i:/CN=lab-NITJU01-VM91700-CA
1 s:/CN=lab-NITJU01-VM91700-CA
   i:/CN=NITJU01-VM48583-CA
2 s:/CN=NITJU01-VM48583-CA
   i:/CN=NITJU01-VM48583-CA
---
Server certificate
subject=/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore
issuer=/CN=lab-NITJU01-VM91700-CA
---
No client certificate CA names sent
Client Certificate Types: RSA fixed DH, DSS fixed DH, RSA sign, DSA sign
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 3700 bytes and written 414 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 981817B10DD7D4522AB0B0641B6774EED6D2588CF0E679C9C043E9DBF4A5711B
    Session-ID-ctx:
    Master-Key: 653B6E2CD410BFBD9C24EBC2C1151F995657A4E8B165D6DF0D29445A89D7BD74F532EAB1A042F5C616BFB8F9BADAE47C
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    Start Time: 1456922485
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

read:errno=0
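
To pull the fields that matter out of this output, the following added example (not part of the original post) parses `s_client` text and reports each chain entry, a self-signed entry, a failed verification, and key sizes or protocol versions below thresholds chosen here. The names `audit_s_client` and `sample_output` and the 2048-bit / TLS 1.2 thresholds are assumptions of the example.

```shell
#!/bin/sh
# Summarise `openssl s_client` text output read from stdin (added example).
# The 2048-bit and TLS 1.2 thresholds are assumptions of this sketch.
audit_s_client() {
  awk '
    # Chain entry: "<depth> s:<subject>" followed by "   i:<issuer>"
    /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subject = $0; pending = 1; next }
    pending && /^ *i:/ {
      sub(/^ *i:/, "")
      printf "chain[%s] subject=%s issuer=%s\n", depth, subject, $0
      if ($0 == subject) printf "NOTE chain[%s] is self-signed\n", depth
      pending = 0; next
    }
    # "Server Temp Key: DH, 1024 bits": only finite-field DH is size-checked
    /^Server Temp Key: DH,/ && $5 + 0 < 2048 { print "WEAK temp-key DH " $5 " bits" }
    # "Server public key is 1024 bit": assumes an RSA key, as in the sample
    /^Server public key is / && $5 + 0 < 2048 { print "WEAK server-key " $5 " bit" }
    # "    Protocol  : TLSv1": anything older than TLS 1.2 is reported
    $1 == "Protocol" && $3 ~ /^(SSLv[23]|TLSv1(\.1)?)$/ { print "WEAK protocol " $3 }
    # "    Verify return code: 19 (...)": anything but 0 means the chain did not validate
    /^ *Verify return code: / {
      sub(/^ *Verify return code: /, "")
      if ($1 + 0 != 0) print "VERIFY-FAIL " $0
    }
  '
}

# Sample input: lines copied from the output above (certificates and session data left out)
sample_output() {
  cat <<'EOF'
CONNECTED(00000003)
Certificate chain
0 s:/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore
   i:/CN=lab-NITJU01-VM91700-CA
1 s:/CN=lab-NITJU01-VM91700-CA
   i:/CN=NITJU01-VM48583-CA
2 s:/CN=NITJU01-VM48583-CA
   i:/CN=NITJU01-VM48583-CA
Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
    Protocol  : TLSv1
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

sample_output | audit_s_client
```

Against a live server, pipe the command from the post into the function: `openssl s_client -connect ip_of_LDAP:port -showcerts </dev/null 2>&1 | audit_s_client`.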
