Using the OpenSSL command to Test the SSL Certificate by justyy

View this thread on steempeak.com
wherein · @justyy ·
$23.27
Using the OpenSSL command to Test the SSL Certificate
Usually, in the browser, by clicking the Lock icon, you can view the SSL certificate information.

![image.png](https://cdn.steemitimages.com/DQmS2t6tXpGfFWXHXuH1Z6YBiiZmUhcMbBY3xsM8FwRsiim/image.png)

![image.png](https://cdn.steemitimages.com/DQmRsMgkAPyos1nee7PfVnfcnb2ensTXfXfYXsmXN1kywFu/image.png)

And, we can also run the `openssl` command to view the server ceritifcate (e.g. SSL chain) on command line. For example:

```
$ openssl s_client -connect steemyy.com:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
 1 s:C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE4zCCBIqgAwIBAgIQBCfBw9AilNa08J+J3QevBTAKBggqhkjOPQQDAjBvMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
GTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkRmxhcmUg
SW5jIEVDQyBDQS0yMB4XDTE5MDgzMTAwMDAwMFoXDTIwMDgzMDEyMDAwMFowbTEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMR4wHAYDVQQDExVzbmkuY2xvdWRm
bGFyZXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQItPIArTdvymcD
ZKhxChknZYgeNR6sJPCmEsRSx9VlM5P4XZ76Z0EciWFP3K4IWqxWTB7UwtWU8v85
9gbU2IB1o4IDCDCCAwQwHwYDVR0jBBgwFoAUPnQtH89FdQR+P8Cihz5MQ4NRE8Yw
HQYDVR0OBBYEFEGkpNBZnq5y8J0RmBtmsrW2ehUTMDwGA1UdEQQ1MDOCFXNuaS5j
bG91ZGZsYXJlc3NsLmNvbYILc3RlZW15eS5jb22CDSouc3RlZW15eS5jb20wDgYD
VR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB5BgNV
HR8EcjBwMDagNKAyhjBodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vQ2xvdWRGbGFy
ZUluY0VDQ0NBMi5jcmwwNqA0oDKGMGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9D
bG91ZEZsYXJlSW5jRUNDQ0EyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAq
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeB
DAECAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
Z2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
Y29tL0Nsb3VkRmxhcmVJbmNFQ0NDQS0yLmNydDAMBgNVHRMBAf8EAjAAMIIBBAYK
KwYBBAHWeQIEAgSB9QSB8gDwAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7
iXqo/csAAAFs57zC6gAABAMASDBGAiEAlUlhMpLWk4xOF17OKD0+9jxANQLP6RVT
3p6ay+2WxA4CIQCwlyeq834aUfNM6UOK6qCWpJfpvp/vtIVXFd2rbIUA/AB1AF6n
c/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbOe8wtsAAAQDAEYwRAIg
Q5K8yHiH8pjY/IIWxbI3rQhN1wTWjRyoDzrOdgxWTUUCIBEaKpx/wfD9Zk1xFu41
Mpxc2SVr0vmFqWxu2FzXT9TrMAoGCCqGSM49BAMCA0cAMEQCIAWkpWQQHu0Q2gdd
3Jc+SWUwQaNNQzEmOizl/t5q0wCOAiBAByk2Iq+jkkNicNJMIwKKz/DUnjoqED2a
ngIPSe4yAA==
-----END CERTIFICATE-----
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, ST = CA, L = San Francisco, O = "CloudFlare, Inc.", CN = CloudFlare Inc ECC CA-2

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2505 bytes and written 393 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 00E1D8FEFBAE3B932AAAF53F9F718F1F86C0F054DCE4FCBB5FC15C3F468B9023
    Session-ID-ctx: 
    Resumption PSK: CF2880D9CCB03AEEBE0F15AA402EB1AEDE7ADE0E10E0E810B8EE4B6BAB0D131E3A1443A2BAF753804CE9D1570CA939A6
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - 24 29 83 3e 7e 68 72 88-be fe 43 06 e6 91 6b 2e   $).>~hr...C...k.
    0010 - 39 0e 02 49 30 d2 25 94-19 56 15 c2 b9 fc 16 ac   9..I0.%..V......
    0020 - 3b 07 3b 00 55 03 4f 79-15 54 1c 3f 18 01 38 20   ;.;.U.Oy.T.?..8 
    0030 - aa 62 0a 30 92 6b f5 f2-32 90 58 95 19 b6 75 7e   .b.0.k..2.X...u~
    0040 - b8 0f 62 f9 f5 43 d7 e7-07 b2 fe 3a 1c 10 3c af   ..b..C.....:..<.
    0050 - 75 81 96 9b 4c 01 ca 34-38 3c 12 f2 5f 6e 03 1d   u...L..48<.._n..
    0060 - 94 2e d2 cc d0 3c 5e 92-59 64 b0 78 8b 01 d0 8e   .....<^.Yd.x....
    0070 - 43 8d a1 d4 74 9a 34 49-4e de 19 b3 f2 70 a6 a1   C...t.4IN....p..
    0080 - 0c bc 4e 03 f4 71 de fd-a7 44 78 e8 f3 e7 a7 54   ..N..q...Dx....T
    0090 - 56 52 0c 15 15 d4 65 93-3e e6 cc 93 9a dc 0b 54   VR....e.>......T
    00a0 - 4b 05 6d 46 e4 3a 7a 11-44 04 f1 2a d9 93 bc ec   K.mF.:z.D..*....
    00b0 - f3 ee 72 41 fe db 5b b3-02 81 d6 ca 05 59 91 95   ..rA..[......Y..
    00c0 - f1 76 a9 c8 7a e0 ef 97-d8 4f 05 3d 16 3f 3f 0c   .v..z....O.=.??.

    Start Time: 1595760096
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 14336
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: C4855EC8C5E523EC6C57147A4862E1379A7F12D90287993393E3B1CBFB47A6A2
    Session-ID-ctx: 
    Resumption PSK: A02A21B1EC2A62EB33CD7517A88038EF26D11E5467EAE1EBBA218F3AE70088D422CD6917148AF26C6EA475735C1A263F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - 24 29 83 3e 7e 68 72 88-be fe 43 06 e6 91 6b 2e   $).>~hr...C...k.
    0010 - da 18 c1 ca ff 47 24 95-d8 8a 19 af 0f f5 ca f1   .....G$.........
    0020 - 60 1a bd b5 6a 28 f8 2a-78 d6 37 04 d1 3b cc 9c   `...j(.*x.7..;..
    0030 - 75 1a e7 c1 43 bf 71 79-8c 58 89 0b 75 34 5d aa   u...C.qy.X..u4].
    0040 - 91 a1 51 68 a6 aa 05 17-53 ce c2 7c 56 fb bc 26   ..Qh....S..|V..&
    0050 - b1 2f ff 2c ff 7e 35 13-8e 7a f8 4a bc 85 a2 0b   ./.,.~5..z.J....
    0060 - f2 8b 01 65 4e 71 1e 5e-db 8d 94 4a a8 86 cc e4   ...eNq.^...J....
    0070 - c3 fe 5c ed a3 74 23 82-67 07 a3 5b 8b 3b 08 97   ..\..t#.g..[.;..
    0080 - fc 52 81 c1 7c 6d 46 a6-9f fb c4 33 53 12 21 fc   .R..|mF....3S.!.
    0090 - 34 79 72 8d 40 d1 94 9b-1b 72 b1 37 ee bb 65 dc   4yr.@....r.7..e.
    00a0 - 0d 88 1b e2 35 4e 6e 89-07 b4 53 be 43 6d 7e d2   ....5Nn...S.Cm~.
    00b0 - fa 21 a2 fd ae bb 55 6d-62 c7 38 99 50 31 fd 09   .!....Umb.8.P1..
    00c0 - de 3f 8b cd 1f f6 ec 4a-fa 3b 7f 43 cb b7 c6 1d   .?.....J.;.C....

    Start Time: 1595760096
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 14336
---
read R BLOCK
closed
```

<hr/>

Every little helps! I hope this helps!


**Steem On!~**
------------------
*[Reposted to Computing & Technology](https://helloacm.com/using-the-openssl-command-to-test-the-ssl-certificate/)*

If you like my work, please consider voting for me, thanks!
https://steemit.com/~witnesses type in **justyy** and click ***VOTE***
https://steemyy.com/images/vote-for-justyy.jpg
<BR/>
**Alternatively, you could [proxy to me](https://steemyy.com/witness-voting/?witness=justyy&action=proxy)  if you are too lazy to vote!**

Also: you can vote me at the tool I made:  https://steemyy.com/witness-voting/?witness=justyy
👍  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and 80 others
properties (23)
post_id86,841,825
authorjustyy
permlinkusing-the-openssl-command-to-test-the-ssl-certificate
categorywherein
json_metadata{"tags":["wherein","wherein-daka","whaleplower","zzan","upfundme","palnet","marlians"],"image":["https:\/\/cdn.steemitimages.com\/DQmS2t6tXpGfFWXHXuH1Z6YBiiZmUhcMbBY3xsM8FwRsiim\/image.png","https:\/\/cdn.steemitimages.com\/DQmRsMgkAPyos1nee7PfVnfcnb2ensTXfXfYXsmXN1kywFu\/image.png","https:\/\/steemyy.com\/images\/vote-for-justyy.jpg"],"links":["https:\/\/helloacm.com\/using-the-openssl-command-to-test-the-ssl-certificate\/","https:\/\/steemit.com\/~witnesses","https:\/\/steemyy.com\/witness-voting\/?witness=justyy&action=proxy","https:\/\/steemyy.com\/witness-voting\/?witness=justyy"],"app":"steemit\/0.2","format":"markdown"}
created2020-07-26 11:18:33
last_update2020-07-26 11:18:33
depth0
children0
net_rshares35,597,148,524,840
last_payout2020-08-02 11:18:33
cashout_time1969-12-31 23:59:59
total_payout_value12.127 SBD
curator_payout_value11.147 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length7,560
author_reputation2,046,968,271,807,515
root_title"Using the OpenSSL command to Test the SSL Certificate"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (144)
Help/Feedback