Difference between revisions of "Openssl s client -showcerts"

From wikieduonline
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
  [[openssl s_client]] -showcerts  
 
  [[openssl s_client]] -showcerts  
 +
 +
== [[Zscaler]] and [[unable to get local issuer certificate]] ==
 +
openssl s_client -showcerts -connect google.com:443
 +
CONNECTED(00000003)
 +
depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscaler.net), emailAddress =
 +
 +
[[verify error:num=20:unable to get local issuer certificate]]
 +
verify return:1
 +
depth=1 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) "
 +
verify return:1
 +
depth=0 CN = *.google.com
 +
verify return:1
 +
---
 +
Certificate chain
 +
  0 s:CN = *.google.com
 +
    i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) "
 +
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
 +
    v:NotBefore: Feb  3 02:44:27 2024 GMT; NotAfter: Feb 17 02:44:27 2024 GMT
 +
-----BEGIN CERTIFICATE-----
 +
MIINsDCCDJigAwIBAgIQd7/6+Y
 +
 +
== self signed certificate ==
 +
openssl s_client -showcerts -connect google.com:443
 +
CONNECTED(00000006)
 +
depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
 +
[[verify error:num=18:self signed certificate]]
 +
verify return:1
 +
depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
 +
verify return:1
 +
write W BLOCK
 +
---
 +
Certificate chain
 +
  0 s:/OU=No SNI provided; please fix your client./CN=invalid2.invalid
 +
    i:/OU=No SNI provided; please fix your client./CN=invalid2.invalid
 +
-----BEGIN CERTIFICATE-----
 +
MIIDfDCCAmSgAwIBAgIJAJB2iRjpM5OgMA0GCSqGSIb3DQEBCwUAME4xMTAvBgNV
 +
.../...
  
 
== Errors ==
 
== Errors ==

Latest revision as of 10:37, 9 February 2024

openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443
openssl s_client -showcerts -connect google.coom:443
openssl s_client -showcerts 

Zscaler and unable to get local issuer certificate[edit]

openssl s_client -showcerts -connect google.com:443
CONNECTED(00000003)
depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscaler.net), emailAddress = 
[email protected]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) "
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
 0 s:CN = *.google.com
   i:C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = "Zscaler Intermediate Root CA (zscaler.net) (t) "
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb  3 02:44:27 2024 GMT; NotAfter: Feb 17 02:44:27 2024 GMT
-----BEGIN CERTIFICATE-----
MIINsDCCDJigAwIBAgIQd7/6+Y

self signed certificate[edit]

openssl s_client -showcerts -connect google.com:443 
CONNECTED(00000006)
depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
verify error:num=18:self signed certificate
verify return:1 
depth=0 OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
verify return:1 
write W BLOCK
--- 
Certificate chain
 0 s:/OU=No SNI provided; please fix your client./CN=invalid2.invalid
   i:/OU=No SNI provided; please fix your client./CN=invalid2.invalid
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIJAJB2iRjpM5OgMA0GCSqGSIb3DQEBCwUAME4xMTAvBgNV
.../...

Errors[edit]

openssl s_client -showcerts -connect google.com
40D741D72F7F0000:error:8000006F:system library:BIO_connect:Connection refused:../crypto/bio/bio_sock2.c:114:calling connect()
40D741D72F7F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:connect:errno=111
openssl s_client -showcerts  https://google.com
40B78119DD7F0000:error:10080002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/bio_addr.c:738:Servname not supported for ai_socktype connect:errno=0

See also[edit]

Advertising: