Languages
[Edit]
EN

openssl - check https status under Linux or Windows

11 points
Created by:
Kate_C
19800

In this short article we would like to show how to check connection status, server certificate, etc. for HTTPS connection.

Quick solution (run following command):

openssl s_client -connect dirask.com:443 -status

Where: dirask.com should be replaced by proper domain.

Windows example

Be sure that you have installed OpenSSL on Windows:

Note: OpenSSL installer for Windows can be found here.

Open Windows Command Prompt and run following command:

"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect dirask.com:443 -status

Note: in output we should see information about SSL, TSLserver certificate, etc. that indicates ssl is working so https too.

Example Output:

C:\>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect dirask.com:443 -status
CONNECTED(00000154)
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
OCSP response: no response sent
---
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEvzCCBGWgAwIBAgIQApY184qHHBEzptuOB+s3qTAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjAwNjEwMDAwMDAwWhcNMjEwNjEw
MTIwMDAwWjBtMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xHjAcBgNVBAMT
FXNuaS5jbG91ZGZsYXJlc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BGYwb/lRPAYMldgxWHkf59rCsEE1+SUF/h+BRUUrwMooBCbQhKbDe06uzc8a+7Qh
9JOQwIyxTnh2yc4m51t778qjggMIMIIDBDAfBgNVHSMEGDAWgBSlzjfq67B1DpRn
iLRF+tkkEIeWHzAdBgNVHQ4EFgQU8v6zbBjLf+dm9zhVAUptzPPpUFwwOgYDVR0R
BDMwMYIVc25pLmNsb3VkZmxhcmVzc2wuY29tggpkaXJhc2suY29tggwqLmRpcmFz
ay5jb20wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20v
Q2xvdWRmbGFyZUluY0VDQ0NBLTMuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdp
Y2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3JsMEwGA1UdIARFMEMwNwYJ
YIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNv
bS9DUFMwCAYGZ4EMAQICMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB
/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgD2XJQv0XcwIhRUGAgwlFaO
400TGTO/3wwvIAvMTvFk4wAAAXKfAdjGAAAEAwBHMEUCIE8RIRK307Djf3TvSJqu
XWN4nA5/boUgmtFyFoB/deLNAiEAosZxQa9yhn5m20MJMekH/iS3jOgZC7N3dwI5
PnRzMiUAdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXKfAdjy
AAAEAwBHMEUCIQC/qGIEwJ839oFJV7URHK3dmeiqvH9SOcbDG41qjdp+WgIgWoe1
exoByXUD+U5dLEkqNl4Vjk08g8NrNKB0UdtLh8YwCgYIKoZIzj0EAwIDSAAwRQIh
ANuXpm+xap72IWh6ZJNOhImOIIjUp/Z5vTj1PthI8LCZAiBHpOnLTJ6gdExd2uEz
tqsYaHWEBc+OiRpe5WM5OeWI1w==
-----END CERTIFICATE-----
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2509 bytes and written 401 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: D3CC3BC5B06D8844A1008EF80A3D326A988BE114E5E53392EE1A6639996AF86E
    Session-ID-ctx:
    Resumption PSK: 6590B084146238828254C5669F1E5C83EDBCD1C463B1A5CE6FB4A82B2AA82B9F17C30596EA65F5F773EFB17E76886637
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - f8 a8 b9 9f 32 9f e3 d9-19 82 cf d0 0e 08 b0 04   ....2...........
    0010 - ca a2 17 5e 1a 55 53 bd-0d 89 1b 8f 0b 80 8f 97   ...^.US.........
    0020 - aa 16 a4 31 3a 8b 8c a2-fe 9d c9 1d ea bc 90 a4   ...1:...........
    0030 - 72 69 fa a7 00 8a cd e1-e1 a5 b5 c4 47 76 d9 11   ri..........Gv..
    0040 - 9f ca 24 8f a5 dd 42 a6-f6 18 39 25 91 cf 59 7c   ..$...B...9%..Y|
    0050 - 00 16 e1 83 d2 86 51 ad-fa a4 ef 43 c2 e4 16 30   ......Q....C...0
    0060 - 00 ba fc 19 27 bc d8 5d-6b b0 cc b8 be 79 b7 b5   ....'..]k....y..
    0070 - b6 3b 1b bb 1c ee d8 14-21 5c e8 e4 8d 19 1f af   .;......!\......
    0080 - 43 c1 94 fc 85 d8 47 8c-a3 48 d2 59 aa f4 ab 99   C.....G..H.Y....
    0090 - c3 01 b3 a6 5a 47 ab 18-62 51 14 cd 23 91 70 20   ....ZG..bQ..#.p
    00a0 - 3f 1f 13 77 ca 41 23 2b-c0 da 6c 09 26 ff 0c 75   ?..w.A#+..l.&..u
    00b0 - 66 9b 8f 3c b6 9d f6 2d-a0 88 51 bf dc 02 f9 3c   f..<...-..Q....<

    Start Time: 1603549908
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: B79C54F5840518EFB2CF7D06889F3D0237F62B49967D9B281DFDEE45DFFE8EBD
    Session-ID-ctx:
    Resumption PSK: 05A847B36903D7AFDA5E8480394E1C9432749E5477787D8431A70BDCD136D3F8D8720EA1D6A3EEAEB67B13C397F48FCA
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - f8 a8 b9 9f 32 9f e3 d9-19 82 cf d0 0e 08 b0 04   ....2...........
    0010 - a9 8f 2d ff 95 76 35 8d-3d 41 f3 39 56 e2 ce 25   ..-..v5.=A.9V..%
    0020 - a7 96 cc 9f f3 ad 55 54-b3 05 67 5d e4 9a f2 af   ......UT..g]....
    0030 - bf 8f 35 1b 29 5c fb b3-07 7c 1d 42 da 1e d7 88   ..5.)\...|.B....
    0040 - 5e d8 76 b2 a2 ab ae 0d-3c 46 2b 9e c4 b5 d9 51   ^.v.....<F+....Q
    0050 - 77 62 e8 c7 af 7f c8 18-f1 74 cc 84 8a 21 51 6f   wb.......t...!Qo
    0060 - fb 19 cc 0f 84 6a b2 a8-71 35 6c 88 23 e8 f1 cd   .....j..q5l.#...
    0070 - 59 43 9e 74 58 7b 19 95-2b de 40 7f b5 a4 67 2b   YC.tX{..+.@...g+
    0080 - 57 91 29 7e ef 04 85 c4-7d 7f 1c a6 6a 3a 00 1a   W.)~....}...j:..
    0090 - 71 b1 6a 81 71 61 2a 2b-24 04 c3 4d 41 fb 5e e6   q.j.qa*+$..MA.^.
    00a0 - 4c bd eb b1 9d cd 39 18-cb e5 0f c3 0f ad 23 e9   L.....9.......#.
    00b0 - f9 e3 34 d5 33 8d 00 f9-21 2d c6 a7 14 66 cc b3   ..4.3...!-...f..

    Start Time: 1603549908
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed

C:\>
Native Advertising
50 000 ad impressions - 449$
🚀
Get your tech brand or product in front of software developers.
For more information contact us:
Red dot
Dirask - friendly IT community for everyone.

❤️💻 🙂

Join