OpenSSL to check and verify SSL/TLS of Website/Webserver
OpenSSL provides a command which is used to connect to servers and to check and list HTTPS and SSL/TLS related information.
We can check an SSL/TLS connection with the s_client command.
>>CHECKING TLS/SSL of Website
The basic and most popular use of s_client is simply connecting to a remote SSL/TLS website. We only have to provide the website with the port number, as shown below:
The most important information here is the protocol version (TLSv1.2) and the cipher suite used (ECDHE-RSA-AES128-GCM-SHA256). You can also see that the server has issued you a session ID and a TLS session ticket (truncated in the above image), which is a way of resuming sessions without the server having to maintain state.
Now we know that the TLS communication layer is working: we got through to the HTTP server, submitted a request and received a response back.
>>Checking TLS/SSL of Website with Specifying Certificate Authority
If the website's certificates are created in house, meaning they are not signed by one of the global certificate authorities that web browsers trust, s_client gives a verification error, as shown below:
In this case we can provide the signing certificate or certificate authority with the -CAfile option of s_client as follows:
The basic command looks like this:
$ openssl s_client -connect "website:port" -CAfile "self-signed-certificate-location"
$ openssl s_client -connect self-signed.badssl.com:443 -CAfile /etc/ssl/certs/self.crt
**Note - For the above command to work, you need to have the self-signed certificate.
After this, instead of complaining, s_client verifies each certificate in the certificate chain and no longer gives the verification error.
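The two checks above (protocol and cipher, then chain verification with or without -CAfile) can be scripted. The following is an added example, not part of the original page. The function names tls_summary, tls_check and tls_probe are hypothetical, and the sample outputs are constructed and abridged.

```shell
#!/bin/sh
# Added example: report protocol, cipher and verify result from s_client output.

# Read s_client output on stdin; print "PROTOCOL CIPHER VERIFY_CODE" ("-" if absent).
tls_summary() {
    awk '
        /^ *Protocol *:/      { proto = $NF }
        /^ *Cipher *:/        { cipher = $NF }
        /Verify return code:/ { code = $4 }
        END {
            if (proto == "")  proto = "-"
            if (cipher == "") cipher = "-"
            if (code == "")   code = "-"
            print proto, cipher, code
        }'
}

# Succeed only when the chain verified (code 0) and a cipher was negotiated.
# A missing cipher or the 0000 placeholder is treated as "no session".
tls_check() {
    set -- $(tls_summary)
    echo "protocol=$1 cipher=$2 verify_code=$3"
    case "$2" in -|0000) return 1 ;; esac
    [ "$3" = "0" ]
}

# Live use (needs network): tls_probe HOST PORT [CAFILE]
# s_client carries on after a verify error, so the result is read from its
# output here rather than from its exit status.
tls_probe() {
    openssl s_client -connect "$1:$2" -servername "$1" \
        ${3:+-CAfile "$3"} </dev/null 2>/dev/null | tls_check
}

# Constructed, abridged sample output for offline use.
SAMPLE_SELF_SIGNED='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 18 (self signed certificate)'
SAMPLE_VERIFIED='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)'

printf '%s\n' "$SAMPLE_SELF_SIGNED" | tls_check || echo "-> not verified"
printf '%s\n' "$SAMPLE_VERIFIED" | tls_check && echo "-> verified"
```

To make openssl itself exit non-zero on a verification failure, add the -verify_return_error option to the s_client command line.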