From time to time it may be necessary to verify what certificate is being presented by the server that you are connecting to. Sometimes this is a SMTP server or it could be a web server. While there are multiple methods that can be used to validate a certificate presented from a server I am going to be focusing on openssl here.
Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols are widely used in applications such as email, instant messaging, and voice over IP, but its use as the Security layer in HTTPS remains the most publicly visible. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose. OpenSSL is a C library that implements the main cryptographic operations like symmetric encryption, public-key encryption, digital signature, hash functions and so on. OpenSSL also OpenSSL is avaible for a wide variety of platforms.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. OpenSSL is available for multiple platforms including Linux, MacOS & Windows (via gnuwin32). For this article I will be using the Windows version of OpenSSL which can be downloaded from http://gnuwin32.sourceforge.net/packages/openssl.htm.
The syntax that we use depends on what type of server we are querying. To query a web server you would do the following:
To query a smtp server you would do the following:
Where is replaced with the fully qualified domain name (FQDN) of the server we want to check. The output generated contains multiple sections with --- spearators between them. Messenger lite ios. The following example is showing a connection on port 443 against outlook.office365.com. The first section presented is around the connection information:
The next section contains details about the certificate chain:
Amazon prime video roku problems. The actual public server certificate is next:
Following the server certificate we see the Certificate Subject and Issuer:
If there is a client certificate sent it would be presented next:
We next see details about the particular SSL handshake that occurred:
Next if we query a SMTP server on port 25 with the -starttls smtp parameters we will get back the information from that server. Below is an example of one of the output from this type of query:
In both of these examples the typical information that we use in troubleshooting is the certifcate chain.
e.g. 1:
e.g. 2:
Openssl Protocol Reviews
Depending on the problem I'm dealing with I'll make a determination on how I want to proceed next. If the system you are connecting from is receiving regular root certificate updates there shouldn't be any issues with the root certificates.
The syntax that we use depends on what type of server we are querying. To query a web server you would do the following:
To query a smtp server you would do the following:
Where is replaced with the fully qualified domain name (FQDN) of the server we want to check. The output generated contains multiple sections with --- spearators between them. Messenger lite ios. The following example is showing a connection on port 443 against outlook.office365.com. The first section presented is around the connection information:
The next section contains details about the certificate chain:
Amazon prime video roku problems. The actual public server certificate is next:
Following the server certificate we see the Certificate Subject and Issuer:
If there is a client certificate sent it would be presented next:
We next see details about the particular SSL handshake that occurred:
Next if we query a SMTP server on port 25 with the -starttls smtp parameters we will get back the information from that server. Below is an example of one of the output from this type of query:
In both of these examples the typical information that we use in troubleshooting is the certifcate chain.
e.g. 1:
e.g. 2:
Openssl Protocol Reviews
Depending on the problem I'm dealing with I'll make a determination on how I want to proceed next. If the system you are connecting from is receiving regular root certificate updates there shouldn't be any issues with the root certificates.
The most common issue that I see around certificates is missing root certificates. These problems are easily resolved by ensuring that you have installed the most recent root certificate update for your system.
If you find that the proper root certificates have been installed on the system the next thing to check is that you can reach the certificate revolcation list (CRL) to verify that the certificate is still valid. This requires internet access and on a Windows system can be checked using certutil.
At the very bottom of the output you should see:
Openssl Protocol
If you don't have access to the internet you will see an error at this point. Onion deep web browser chrome.
