EN
openssl - check https status under Linux or Windows
11 points
In this short article, we would like to show how to check connection status, server certificate, etc. for HTTPS connection.
Quick solution (run following command):
xxxxxxxxxx
1
openssl s_client -connect dirask.com:443 -status
Where: dirask.com
should be replaced by proper domain.
Simple steps:
1. Check if you have installed OpenSSL on Windows:
Note: OpenSSL installer for Windows can be found here.
2. Open Windows Command Prompt and run the following command:
xxxxxxxxxx
1
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect dirask.com:443 -status
Note: in output we should see information about SSL, TSL, server certificate, etc. that indicates ssl is working so https too.
Example Output:
xxxxxxxxxx
1
C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect dirask.com:443 -status
2
CONNECTED(00000154)
3
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
4
verify error:num=20:unable to get local issuer certificate
5
verify return:1
6
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
7
verify return:1
8
OCSP response: no response sent
9
---
10
Certificate chain
11
0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
12
i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
13
1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
14
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
15
---
16
Server certificate
17
-----BEGIN CERTIFICATE-----
18
MIIEvzCCBGWgAwIBAgIQApY184qHHBEzptuOB+s3qTAKBggqhkjOPQQDAjBKMQsw
19
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
20
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjAwNjEwMDAwMDAwWhcNMjEwNjEw
21
MTIwMDAwWjBtMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNh
22
biBGcmFuY2lzY28xGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xHjAcBgNVBAMT
23
FXNuaS5jbG91ZGZsYXJlc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
24
BGYwb/lRPAYMldgxWHkf59rCsEE1+SUF/h+BRUUrwMooBCbQhKbDe06uzc8a+7Qh
25
9JOQwIyxTnh2yc4m51t778qjggMIMIIDBDAfBgNVHSMEGDAWgBSlzjfq67B1DpRn
26
iLRF+tkkEIeWHzAdBgNVHQ4EFgQU8v6zbBjLf+dm9zhVAUptzPPpUFwwOgYDVR0R
27
BDMwMYIVc25pLmNsb3VkZmxhcmVzc2wuY29tggpkaXJhc2suY29tggwqLmRpcmFz
28
ay5jb20wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
29
BQcDAjB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20v
30
Q2xvdWRmbGFyZUluY0VDQ0NBLTMuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdp
31
Y2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3JsMEwGA1UdIARFMEMwNwYJ
32
YIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNv
33
bS9DUFMwCAYGZ4EMAQICMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
34
cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0
35
cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB
36
/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgD2XJQv0XcwIhRUGAgwlFaO
37
400TGTO/3wwvIAvMTvFk4wAAAXKfAdjGAAAEAwBHMEUCIE8RIRK307Djf3TvSJqu
38
XWN4nA5/boUgmtFyFoB/deLNAiEAosZxQa9yhn5m20MJMekH/iS3jOgZC7N3dwI5
39
PnRzMiUAdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXKfAdjy
40
AAAEAwBHMEUCIQC/qGIEwJ839oFJV7URHK3dmeiqvH9SOcbDG41qjdp+WgIgWoe1
41
exoByXUD+U5dLEkqNl4Vjk08g8NrNKB0UdtLh8YwCgYIKoZIzj0EAwIDSAAwRQIh
42
ANuXpm+xap72IWh6ZJNOhImOIIjUp/Z5vTj1PthI8LCZAiBHpOnLTJ6gdExd2uEz
43
tqsYaHWEBc+OiRpe5WM5OeWI1w==
44
-----END CERTIFICATE-----
45
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
46
47
issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
48
49
---
50
No client certificate CA names sent
51
Peer signing digest: SHA256
52
Peer signature type: ECDSA
53
Server Temp Key: X25519, 253 bits
54
---
55
SSL handshake has read 2509 bytes and written 401 bytes
56
Verification error: unable to get local issuer certificate
57
---
58
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
59
Server public key is 256 bit
60
Secure Renegotiation IS NOT supported
61
Compression: NONE
62
Expansion: NONE
63
No ALPN negotiated
64
Early data was not sent
65
Verify return code: 20 (unable to get local issuer certificate)
66
---
67
---
68
Post-Handshake New Session Ticket arrived:
69
SSL-Session:
70
Protocol : TLSv1.3
71
Cipher : TLS_AES_256_GCM_SHA384
72
Session-ID: D3CC3BC5B06D8844A1008EF80A3D326A988BE114E5E53392EE1A6639996AF86E
73
Session-ID-ctx:
74
Resumption PSK: 6590B084146238828254C5669F1E5C83EDBCD1C463B1A5CE6FB4A82B2AA82B9F17C30596EA65F5F773EFB17E76886637
75
PSK identity: None
76
PSK identity hint: None
77
SRP username: None
78
TLS session ticket lifetime hint: 64800 (seconds)
79
TLS session ticket:
80
0000 - f8 a8 b9 9f 32 9f e3 d9-19 82 cf d0 0e 08 b0 04 ....2...........
81
0010 - ca a2 17 5e 1a 55 53 bd-0d 89 1b 8f 0b 80 8f 97 ...^.US.........
82
0020 - aa 16 a4 31 3a 8b 8c a2-fe 9d c9 1d ea bc 90 a4 ...1:...........
83
0030 - 72 69 fa a7 00 8a cd e1-e1 a5 b5 c4 47 76 d9 11 ri..........Gv..
84
0040 - 9f ca 24 8f a5 dd 42 a6-f6 18 39 25 91 cf 59 7c ..$...B...9%..Y|
85
0050 - 00 16 e1 83 d2 86 51 ad-fa a4 ef 43 c2 e4 16 30 ......Q....C...0
86
0060 - 00 ba fc 19 27 bc d8 5d-6b b0 cc b8 be 79 b7 b5 ....'..]k....y..
87
0070 - b6 3b 1b bb 1c ee d8 14-21 5c e8 e4 8d 19 1f af .;......!\......
88
0080 - 43 c1 94 fc 85 d8 47 8c-a3 48 d2 59 aa f4 ab 99 C.....G..H.Y....
89
0090 - c3 01 b3 a6 5a 47 ab 18-62 51 14 cd 23 91 70 20 ....ZG..bQ..#.p
90
00a0 - 3f 1f 13 77 ca 41 23 2b-c0 da 6c 09 26 ff 0c 75 ?..w.A#+..l.&..u
91
00b0 - 66 9b 8f 3c b6 9d f6 2d-a0 88 51 bf dc 02 f9 3c f..<...-..Q....<
92
93
Start Time: 1603549908
94
Timeout : 7200 (sec)
95
Verify return code: 20 (unable to get local issuer certificate)
96
Extended master secret: no
97
Max Early Data: 0
98
---
99
read R BLOCK
100
---
101
Post-Handshake New Session Ticket arrived:
102
SSL-Session:
103
Protocol : TLSv1.3
104
Cipher : TLS_AES_256_GCM_SHA384
105
Session-ID: B79C54F5840518EFB2CF7D06889F3D0237F62B49967D9B281DFDEE45DFFE8EBD
106
Session-ID-ctx:
107
Resumption PSK: 05A847B36903D7AFDA5E8480394E1C9432749E5477787D8431A70BDCD136D3F8D8720EA1D6A3EEAEB67B13C397F48FCA
108
PSK identity: None
109
PSK identity hint: None
110
SRP username: None
111
TLS session ticket lifetime hint: 64800 (seconds)
112
TLS session ticket:
113
0000 - f8 a8 b9 9f 32 9f e3 d9-19 82 cf d0 0e 08 b0 04 ....2...........
114
0010 - a9 8f 2d ff 95 76 35 8d-3d 41 f3 39 56 e2 ce 25 ..-..v5.=A.9V..%
115
0020 - a7 96 cc 9f f3 ad 55 54-b3 05 67 5d e4 9a f2 af ......UT..g]....
116
0030 - bf 8f 35 1b 29 5c fb b3-07 7c 1d 42 da 1e d7 88 ..5.)\...|.B....
117
0040 - 5e d8 76 b2 a2 ab ae 0d-3c 46 2b 9e c4 b5 d9 51 ^.v.....<F+....Q
118
0050 - 77 62 e8 c7 af 7f c8 18-f1 74 cc 84 8a 21 51 6f wb.......t...!Qo
119
0060 - fb 19 cc 0f 84 6a b2 a8-71 35 6c 88 23 e8 f1 cd .....j..q5l.#...
120
0070 - 59 43 9e 74 58 7b 19 95-2b de 40 7f b5 a4 67 2b YC.tX{..+.@...g+
121
0080 - 57 91 29 7e ef 04 85 c4-7d 7f 1c a6 6a 3a 00 1a W.)~....}...j:..
122
0090 - 71 b1 6a 81 71 61 2a 2b-24 04 c3 4d 41 fb 5e e6 q.j.qa*+$..MA.^.
123
00a0 - 4c bd eb b1 9d cd 39 18-cb e5 0f c3 0f ad 23 e9 L.....9.......#.
124
00b0 - f9 e3 34 d5 33 8d 00 f9-21 2d c6 a7 14 66 cc b3 ..4.3...!-...f..
125
126
Start Time: 1603549908
127
Timeout : 7200 (sec)
128
Verify return code: 20 (unable to get local issuer certificate)
129
Extended master secret: no
130
Max Early Data: 0
131
---
132
read R BLOCK
133
closed
134
135
C:\>