Difference between revisions of "Openssl s client -showcerts"
Jump to navigation
Jump to search
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | [[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443 | ||
+ | [[openssl s_client]] -showcerts -connect google.coom:443 | ||
+ | |||
[[openssl s_client]] -showcerts | [[openssl s_client]] -showcerts | ||
+ | |||
+ | == [[Zscaler]] and [[unable to get local issuer certificate]] == | ||
+ | openssl s_client -showcerts -connect google.com:443 | ||
+ | CONNECTED(00000003) | ||
+ | depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscaler.net), emailAddress = | ||
+ | |||
+ | [[verify error:num=20:unable to get local issuer certificate]] | ||
+ | verify return:1 | ||
+ | depth=1 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) " | ||
+ | verify return:1 | ||
+ | depth=0 CN = *.google.com | ||
+ | verify return:1 | ||
+ | --- | ||
+ | Certificate chain | ||
+ | 0 s:CN = *.google.com | ||
+ | i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) " | ||
+ | a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 | ||
+ | v:NotBefore: Feb 3 02:44:27 2024 GMT; NotAfter: Feb 17 02:44:27 2024 GMT | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIINsDCCDJigAwIBAgIQd7/6+Y | ||
+ | |||
+ | == self signed certificate == | ||
+ | openssl s_client -showcerts -connect google.com:443 | ||
+ | CONNECTED(00000006) | ||
+ | depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid | ||
+ | [[verify error:num=18:self signed certificate]] | ||
+ | verify return:1 | ||
+ | depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid | ||
+ | verify return:1 | ||
+ | write W BLOCK | ||
+ | --- | ||
+ | Certificate chain | ||
+ | 0 s:/OU=No SNI provided; please fix your client./CN=invalid2.invalid | ||
+ | i:/OU=No SNI provided; please fix your client./CN=invalid2.invalid | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDfDCCAmSgAwIBAgIJAJB2iRjpM5OgMA0GCSqGSIb3DQEBCwUAME4xMTAvBgNV | ||
+ | .../... | ||
+ | |||
+ | == Errors == | ||
+ | openssl s_client -showcerts -connect google.com | ||
+ | 40D741D72F7F0000:error:8000006F:system library:BIO_connect:Connection refused:../crypto/bio/bio_sock2.c:114:calling connect() | ||
+ | 40D741D72F7F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:connect:errno=111 | ||
openssl s_client -showcerts https://google.com | openssl s_client -showcerts https://google.com |
Latest revision as of 10:37, 9 February 2024
openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443 openssl s_client -showcerts -connect google.coom:443
openssl s_client -showcerts
Contents
Zscaler and unable to get local issuer certificate[edit]
openssl s_client -showcerts -connect google.com:443 CONNECTED(00000003) depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscaler.net), emailAddress = [email protected] verify error:num=20:unable to get local issuer certificate verify return:1 depth=1 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) " verify return:1 depth=0 CN = *.google.com verify return:1 --- Certificate chain 0 s:CN = *.google.com i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) " a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 3 02:44:27 2024 GMT; NotAfter: Feb 17 02:44:27 2024 GMT -----BEGIN CERTIFICATE----- MIINsDCCDJigAwIBAgIQd7/6+Y
self signed certificate[edit]
openssl s_client -showcerts -connect google.com:443 CONNECTED(00000006) depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid verify error:num=18:self signed certificate verify return:1 depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid verify return:1 write W BLOCK --- Certificate chain 0 s:/OU=No SNI provided; please fix your client./CN=invalid2.invalid i:/OU=No SNI provided; please fix your client./CN=invalid2.invalid -----BEGIN CERTIFICATE----- MIIDfDCCAmSgAwIBAgIJAJB2iRjpM5OgMA0GCSqGSIb3DQEBCwUAME4xMTAvBgNV .../...
Errors[edit]
openssl s_client -showcerts -connect google.com 40D741D72F7F0000:error:8000006F:system library:BIO_connect:Connection refused:../crypto/bio/bio_sock2.c:114:calling connect() 40D741D72F7F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:connect:errno=111
openssl s_client -showcerts https://google.com 40B78119DD7F0000:error:10080002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/bio_addr.c:738:Servname not supported for ai_socktype connect:errno=0
See also[edit]
Advertising: