openssl - check https status under Linux or Windows
In this short article, we would like to show how to check the connection status, server certificate, etc. for an HTTPS connection.
Quick solution (run the following command):
openssl s_client -connect dirask.com:443 -status
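Where: dirask.com should be replaced by the proper domain. The -status option asks the server for a stapled OCSP response (certificate revocation status), which is reported on the "OCSP response:" line of the output.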
Test under Windows
Simple steps:
1. Check if you have installed OpenSSL on Windows:
Note: OpenSSL installer for Windows can be found here.
2. Open Windows Command Prompt and run the following command:
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect dirask.com:443 -status
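Note: in the output we should see information about SSL/TLS, the server certificate, etc., which indicates that TLS is working and therefore HTTPS too. A completed handshake is not the same as a trusted certificate, so check the "Verify return code" line. In the example output below it is 20 (unable to get local issuer certificate), which means this OpenSSL installation could not find the issuing CA certificate in its local trust store and the chain was not validated; a fully verified chain reports 0 (ok).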
Example Output:
C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect dirask.com:443 -status
CONNECTED(00000154)
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
OCSP response: no response sent
---
Certificate chain
0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2509 bytes and written 401 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D3CC3BC5B06D8844A1008EF80A3D326A988BE114E5E53392EE1A6639996AF86E
Session-ID-ctx:
Resumption PSK: 6590B084146238828254C5669F1E5C83EDBCD1C463B1A5CE6FB4A82B2AA82B9F17C30596EA65F5F773EFB17E76886637
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
Start Time: 1603549908
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: B79C54F5840518EFB2CF7D06889F3D0237F62B49967D9B281DFDEE45DFFE8EBD
Session-ID-ctx:
Resumption PSK: 05A847B36903D7AFDA5E8480394E1C9432749E5477787D8431A70BDCD136D3F8D8720EA1D6A3EEAEB67B13C397F48FCA
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
Start Time: 1603549908
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
C:\>
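Most of the output above is noise when the question is simply "is the connection healthy?". The following added example (not part of the original article) reduces captured s_client output to the protocol, cipher, OCSP stapling and verification lines and turns the verify code into an exit status. It assumes a POSIX shell with awk (Linux, or WSL/Git Bash on Windows); the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the security-relevant lines out of captured
# `openssl s_client -connect host:443 -status` output (read on stdin).
# Exit status: 0 = chain verified, 1 = verification failed, 2 = no handshake.
summarize_s_client() {
    awk '
    /^New, / {                       # e.g. "New, TLSv1.3, Cipher is ..."
        split($0, f, ", "); proto = f[2]
        cipher = f[3]; sub(/^Cipher is /, "", cipher)
    }
    /^OCSP response:/ {              # printed because of -status
        ocsp = $0; sub(/^OCSP response: */, "", ocsp)
        if (ocsp == "") ocsp = "stapled"
    }
    /Cert Status: / {                # present only when a response was stapled
        s = $0; sub(/.*Cert Status: /, "", s); ocsp = "stapled, cert status " s
    }
    /Verify return code: / && result == "" {   # first occurrence is enough
        result = $0; sub(/.*Verify return code: /, "", result)
    }
    END {
        if (result == "") { print "no handshake summary found"; exit 2 }
        print "protocol: " proto
        print "cipher:   " cipher
        print "ocsp:     " (ocsp == "" ? "not requested" : ocsp)
        print "verify:   " result
        exit (result + 0 != 0)       # "20 (...)" -> 1, "0 (ok)" -> 0
    }'
}

# Constructed sample: a few lines copied from the example output above.
sample_output() {
    cat <<'EOF'
CONNECTED(00000154)
verify error:num=20:unable to get local issuer certificate
OCSP response: no response sent
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Live use (dirask.com as in the article):
#   openssl s_client -connect dirask.com:443 -status </dev/null 2>&1 | summarize_s_client
sample_output | summarize_s_client || echo "certificate chain was NOT verified (status $?)"
```

Because the function returns non-zero for any verify code other than 0, it can be used directly in a monitoring script or CI check.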